Privacy Policy

locarora ('Locarora', 'we', 'us') values and respects your personal information and strives to comply with the principles and regulations of personal information protection in accordance with relevant laws and regulations.

We may collect, process, use, and disclose your information when you use our website or the Locarora app (collectively referred to as the 'Locarora Platform') and the services provided by us or third parties ('Operators') through the Locarora Platform ('Services'). In this Privacy Policy, 'you' includes all users who access the Locarora Platform or use the Services.

This Privacy Policy establishes the basic matters regarding the collection, processing, use, or disclosure of your information acquired by us when you access the Locarora Platform or use the Services. Such information may include personal information that is associated with or linked to a specific person, such as your name, address, phone number, email address, travel document information, and other personal information that you provide and that we process through the Locarora Platform ('Personal Information').

Please read this Privacy Policy carefully.

1. Scope of Application and Consent

  • This policy applies when you access the Locarora Platform or use the Services.
  • We strive to comply with relevant laws (Korea's Personal Information Protection Act (PIPA), Act on the Protection and Use of Location Information, etc.) and applicable regional laws for overseas users (e.g., EU/EEA and UK GDPR, Japan's APPI, etc.).
  • We may change, revise, or modify this Privacy Policy or any part thereof without prior notice, and unless significant changes are adverse to you and require our consent, you are deemed to have agreed to such changes, revisions, or modifications. Continued use of the service after changes may be deemed consent to the revised policy. Please discontinue use of the service if you do not agree.

2. Types of Personal Information Processed

(1) Required Items

  1. Contact and Account Information: Name, country/region, email, date of birth, mobile phone number, account name (ID), password
  2. Payment/Settlement Information: Card number/expiration date (including tokenization), payment approval/acquisition information, refund account (if necessary)
  3. Reservation/Rental Information: Reservation number, rental/return schedule and location, items/options, damage/loss-related history and documents (if necessary), accessibility requests and special notes
  4. Identity Verification Information: Date of birth, gender, nationality, identification information from government-issued IDs (passport, driver's license, etc.) (number, issuing country/expiration date, etc.)
  5. Device/Log Information: IP, approximate location (country/city level), device/OS/browser information, carrier/network, access date/time/session, visit/click/view history, etc.
  6. Platform Activity Information: Search/view history, transaction history, shopping cart, coupon/point usage, customer center inquiry/dispute processing records, notification settings
  7. Content: Photos/images/videos, reviews/comments, messages (messages between us and users, including intermediary messages between users and sellers)
  8. When linking SNS/SSO:
    • Kakao/Naver/Google/Facebook/Apple: Linked ID, email, nickname, profile image, and other items provided (within the scope specified in each platform's policy/consent screen)
  9. When making reservations for others: Name, contact information, and other information necessary for reservation/rental of accompanying persons

(2) Optional Items

  1. Marketing Communication Information: Email, phone number, app push consent status
  2. Survey/Event Responses: Opinions for service improvement, satisfaction, and voluntarily provided information in responses

You may refuse to provide optional items, but access to some benefits/promotions may be limited. Failure to provide required items may result in inability to create an account, make payments, or perform reservations/rentals.

3. Purposes of Processing

  • Member management and identity verification: Account creation/management, identity verification, prevention of fraudulent use
  • Service provision: Reservation/rental acceptance, confirmation, and performance (including intermediation with sellers), customer support, dispute response
  • Payment/Settlement: Payment approval, acquisition, refund, tax invoice/cash receipt issuance (upon request)
  • Safety/Security: Abnormal transaction detection, account security, fraud/theft/loss investigation and prevention
  • Improvement/Analysis: Service usage analysis, feature improvement, quality control, personalized recommendations
  • Communication: Reservation/rental notifications, announcements/terms change notices, customer inquiry response
  • Marketing (with consent): Newsletter/promotion/benefit information, event operation
  • Legal compliance: Record retention for accounting/tax/e-commerce/consumer protection and dispute response

4. Processing of Personal Location Information

  • We process personal location information in accordance with the 'Act on the Protection and Use of Location Information' as follows: Service Name: Location-based services Purpose: Providing personalized information such as nearby pickup/return points, sellers, and product recommendations Retention Period: Temporarily retained within the scope necessary for service provision, then destroyed without delay
  • Data confirming location information use/provision is retained for at least 6 months as required by law.
  • It is destroyed without delay when the purpose of use/provision is achieved, but may be retained for up to 1 year if there are legal requirements or separate consent.
  • Consent of legal guardians for children under 8 years of age, provision to third parties, and exercise of rights comply with relevant laws.

5. Retention and Use Period

  • In principle, personal information is destroyed without delay upon membership withdrawal or achievement of processing purpose.
  • However, the following records are retained for the following periods as required by law:
    • Contract/subscription withdrawal records: 5 years
    • Payment/goods supply records: 5 years
    • Consumer complaint/dispute handling records: 3 years
    • Access log records: 3 months
  • For analysis/statistical purposes, personal information may be used after anonymization/pseudonymization processing.

6. Destruction Procedures and Methods

  • When grounds for destruction occur, the subject is verified according to internal procedures and destroyed after approval by the Personal Information Protection Officer.
  • Electronic files are destroyed using technical methods that make recovery/regeneration impossible, and printouts are destroyed by shredding or incineration.
  • If there is an obligation to retain under other laws, they are separately stored in a separate database.

7. Provision of Personal Information to Third Parties

  • We provide personal information to third parties only when there is a legal basis or consent from the data subject.
  • Personal information may be provided to the following categories of partners for reservation/rental performance: accommodation/equipment sellers/operators, logistics/storage companies, payment companies/PG companies, identity verification institutions, customer support agencies, etc.
  • Third parties use personal information only within the scope of the performance purpose and destroy it after achieving the purpose unless otherwise required by law.
  • The latest list of third-party provisions and the items/purposes provided can be found at [Third-Party Provision Status Link to be inserted] (individual notice upon request until posted).

8. Overseas Transfer (Including Overseas Users)

  • Personal information may be transferred to processors or affiliates located overseas for cloud/content delivery, global customer support, etc.
  • The recipient, country, date/method of transfer, and retention period are announced at [Overseas Transfer Notice Link to be inserted], and for applicable regions such as GDPR, appropriate protective measures such as adequacy decisions and Standard Contractual Clauses (SCC) are implemented.

9. Outsourcing of Processing

  • We may outsource some tasks to external specialized companies for service provision (e.g., cloud/hosting, payment processing, identity verification, message/notification delivery, data analysis/monitoring, customer consultation).
  • The status of processors and scope of work are disclosed at [Processor Status Link to be inserted], and personal information protection obligations (technical/management protective measures, re-outsourcing restrictions, incident notification, etc.) are imposed in outsourcing contracts.

10. Cookies and Similar Technologies

  • We may use essential cookies (security/session maintenance) and functional/performance/analysis/marketing cookies.
  • You can manage consent/refusal through browser settings or a separate cookie banner/center (essential cookies cannot be refused).
  • For more information, please refer to [Cookie Policy Link to be inserted].

11. External Links

  • The Locarora Platform may contain links to third-party websites/services. Third-party service personal information processing is subject to the respective operator's policy, and we are not responsible for this.

12. Exercise of Data Subject Rights

  • You may request to view, correct, delete, suspend processing, or withdraw consent (including marketing) for personal information at any time through "My Account."
  • You may also submit requests to the contact below or privacy@locarora.com.
  • We may request additional information within a reasonable scope for identity verification and may refuse or limit requests within the scope permitted by law.
  • EU/EEA and UK users may exercise rights under GDPR (right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object to processing, etc.). You also have the right to file a complaint with a supervisory authority.

13. Children's Personal Information

  • In principle, we do not allow membership registration for children under 14 years of age. If consent from a legal guardian is unavoidably required, relevant laws are complied with.

14. Safety Measures

  • We implement technical and management protective measures as required by law, including access authority management, access control system operation, encryption (during transmission/storage), access record retention/forgery prevention, malware prevention, physical access control, and establishment of internal management plans.
  • Industry-standard encryption technology is applied to online payments. However, complete security cannot be guaranteed due to the nature of the Internet, and we are not liable beyond the scope prescribed by law for unauthorized access/breach that occurs despite our reasonable protective measures.

15. Personal Information Protection Officer and Contact

  • Personal Information Department: privacy@locarora.com

You may submit inquiries, complaints, and requests for exercise of rights related to personal information processing, and we will respond and process them without delay.

16. Previous Versions

  • Previous privacy policies can be found at [Link to be inserted] (provided upon request until posted).

17. Supplementary Provisions

  • This policy was established on November 10, 2025, and will become effective after a 7-day grace period following announcement (except as otherwise provided by law).
  • For significant changes, notice will be given through platform announcements and email at least 7 days before the effective date (30 days before for changes adverse to users).