Article 1. Purpose and Scope
This GDPR Compliance Notice explains how HANKATONG LTD and TTEUGEOUNCHEONGCHUN Co., Ltd. handle personal data in a manner aligned with the EU General Data Protection Regulation, the UK GDPR, and related data protection principles when those rules apply.
HANKATONG provides a Korea travel payment service built around an anonymous prepaid card with transportation card functions, supported by recharge, payment, refund, customer support, digital and telecom add-ons, and partner benefits. This Notice should be read together with the HANKATONG Privacy Policy.
This notice is provided in English as the reference version for GDPR/UK GDPR-related information.
Article 2. When GDPR May Apply
GDPR or UK GDPR may apply when HANKATONG offers goods or services to individuals located in the European Economic Area or the United Kingdom, or when personal data processing is otherwise subject to those laws.
HANKATONG is primarily designed for international visitors traveling to Korea. Access to the website from Europe alone does not necessarily mean GDPR applies to every interaction, but HANKATONG applies privacy-by-design principles broadly because travelers may purchase, inquire, or receive support before arriving in Korea.
Article 3. Controllers and Service Roles
HANKATONG LTD is responsible for global sales and customer-facing service operation. TTEUGEOUNCHEONGCHUN Co., Ltd. supports Korea-based operations, partnerships, customer response, and local business support.
Payment system and electronic financial transaction functions connected to the HANKATONG card may be operated by i-Aurora co., Ltd. Depending on the specific service, each party may act as an independent controller, joint operator, processor, service provider, or payment system operator under applicable law and contract.
Article 4. Personal Data We May Process
HANKATONG minimizes the personal data it collects, especially because the card may be used as an anonymous prepaid card where legally and operationally permitted. Depending on how a user purchases or uses the Service, the following data may be processed.
- Customer and support information: name, nationality, email, phone number, inquiry details, language preference, and support records
- Order and delivery information: order number, product selection, payment status, pickup or delivery information, and receipt information
- Card and transaction information: partial card number, registration status, recharge, payment, refund, merchant, transaction time, amount, balance, and usage history where available
- Payment and refund information: payment method, authorization data, refund account or refund processing information
- Technical data: IP address, cookie identifiers, device information, browser, operating system, log data, security records, and app usage data
- Partner benefit information: coupons, cashback, vouchers, event participation, and benefit usage records
Article 5. Legal Bases for Processing
Where GDPR or UK GDPR applies, HANKATONG relies on one or more lawful bases depending on the processing context.
- Contract performance: to sell cards, provide the Service, process recharge, payment, refund, customer support, delivery, and partner benefits
- Legal obligation: to comply with tax, accounting, consumer protection, electronic financial transaction, fraud prevention, and regulatory duties
- Legitimate interests: to secure the Service, prevent misuse, improve operations, manage partners, respond to disputes, and maintain service quality
- Consent: for optional marketing, certain cookies, optional notifications, or other processing where consent is required
- Vital or public interests: only where exceptionally required by law or safety-related circumstances
Article 6. Anonymous Prepaid Card and Data Minimization
The HANKATONG card is designed to support anonymous prepaid card use where permitted. This means HANKATONG does not intentionally require more identity information than needed for purchase, delivery, recharge, refund, customer support, legal compliance, or partner services.
Some functions may still require additional information. For example, refunds, account-linked services, card loss reports, abnormal transaction reviews, telecom products, or regulatory requirements may require identity verification, contact information, card information, or transaction history.
Article 7. Recipients and Sharing
Personal data may be shared only within the scope necessary to provide and protect the Service. Recipients may include payment processors, i-Aurora co., Ltd., card service operators, merchants, card pickup or delivery partners, telecom partners, benefit partners, logistics providers, customer support providers, cloud and security providers, analytics providers, professional advisers, and legally authorized authorities.
HANKATONG requires service providers and partners to process data only for permitted purposes and to apply appropriate confidentiality and security measures.
Article 8. International Transfers
Because HANKATONG serves travelers visiting Korea and operates across jurisdictions, personal data may be transferred to or processed in countries outside the EEA or the United Kingdom, including Korea and other countries where service providers are located.
Where GDPR or UK GDPR requires transfer safeguards, HANKATONG will use appropriate mechanisms such as adequacy decisions, standard contractual clauses, contractual protections, technical safeguards, or other lawful transfer tools as applicable.
Article 9. Retention
HANKATONG keeps personal data only for as long as necessary for the purpose for which it was collected, including service provision, customer support, refunds, accounting, tax, legal compliance, dispute resolution, fraud prevention, and electronic financial transaction record obligations.
Data that is no longer needed is deleted, anonymized, or separated from active systems according to applicable law and internal procedures. Some transaction, refund, settlement, and support records may be retained for legally required periods.
Article 10. GDPR and UK GDPR Rights
Where GDPR or UK GDPR applies, users may have the right to request access, correction, deletion, restriction, objection, portability, withdrawal of consent, and review of certain automated processing.
These rights may be limited where HANKATONG must retain information for legal obligations, transaction safety, settlement, dispute handling, fraud prevention, or service integrity. HANKATONG may request information needed to verify the requester before processing a rights request.
Article 11. Cookies, Analytics, and Marketing
HANKATONG may use cookies or similar technologies for website operation, login status, language settings, security, fraud prevention, analytics, and service improvement. Where required, optional analytics or marketing cookies are used only with consent.
Marketing messages are sent only where permitted by law or with consent where required. Users may opt out of marketing communications through the provided unsubscribe method or by contacting customer support.
Article 12. Security Measures
HANKATONG applies reasonable technical and organizational measures to protect personal data, including access control, encryption where appropriate, log management, employee access limits, partner management, secure transmission, backup controls, monitoring, and internal procedures.
No system can be guaranteed to be completely secure, but HANKATONG works to reduce risks and respond to suspected incidents according to applicable law and operational procedures.
Article 13. Automated Decisions and Fraud Prevention
HANKATONG may use automated or semi-automated checks to detect abnormal transactions, suspected fraud, misuse of benefits, security risks, or service abuse. These checks help protect users, partners, and the payment ecosystem.
HANKATONG does not intend to make decisions based solely on automated processing that produce legal or similarly significant effects on users without appropriate human review where required by applicable law.
Article 14. Children and Minors
The Service is generally intended for adult travelers or users with appropriate consent from a legal representative. If HANKATONG learns that it has processed personal data of a child in a way that requires parental consent or other protection, it will take reasonable steps according to applicable law.
Article 15. Privacy Contact
Privacy and GDPR Contact
Company: HANKATONG LTD and TTEUGEOUNCHEONGCHUN Co., Ltd.
Address: Office 10779, 182-184 High Street North, London, E6 2JA, United Kingdom
Address in Korea: 11F S06, 410, Teheran-ro, Gangnam-gu, Seoul, Republic of Korea
Personal Information Protection Officer: NAM KIBUM
Phone: +82-70-8691-4688
Email: cs@hankatong.com
Users in the EEA or the United Kingdom may also have the right to lodge a complaint with their local data protection authority, depending on applicable law.
Article 16. Changes and Effective Date
This Notice may be updated due to changes in law, service structure, payment system policy, partner policy, or personal data processing practices. Material changes will be announced through the website, application, email, or another appropriate method.
Effective Date
This GDPR Compliance Notice is effective from June 7, 2026.
