Nerdso

NERDSO

Find your destination...

Hanbok history tourCinematic Hanbok Tour

Your Trust Matters

Privacy Policy

This Privacy Policy explains how Nerdso collects, uses, and protects your personal information when you use our tour services.

We do not operate a separate account registration system. We collect only the minimum information necessary during the tour booking process.

Required Information

  • • Booker's name
  • • Email address
  • • Mobile phone number
  • • Tour product details
  • • Number of participants
  • • Tour date and schedule information

Optional Information

  • • Names of tour participants
  • • Nationality
  • • Language preference
  • • Additional requests (e.g. allergies, dietary restrictions)

Payment Processing

  • • Payment is arranged through direct communication with you (by email or WhatsApp). We do not operate an automated online payment module at this time.
  • • We do not collect or store your card numbers or financial account details on our systems.
  • • If we introduce an online payment provider (such as PayPal) in the future, we will update this Policy accordingly.

Automatically Collected

• IP address

• Cookies

• Date and time of visit

• Usage logs

• Device information

• Browser information

We use personal data only for the following purposes:

Tour Booking and Operation

  • • Receiving and confirming reservations
  • • Providing tour information and updates
  • • Informing you of schedule changes or cancellations
  • • Supporting on-site operations (sharing info with guides and photographers)

Payment and Settlement

  • • Confirming payments
  • • Processing refunds
  • • Issuing receipts
  • • Performing accounting and settlement

Customer Support

  • • Responding to reservation and tour-related inquiries
  • • Conducting internal analysis to improve service quality

Marketing — with your consent only

  • • Sending information about events and promotions
  • • Requesting reviews or feedback
  • • Sending emails you have agreed to receive

We process your personal data only where we have a valid legal basis to do so. Depending on the situation, we rely on one or more of the following grounds:

Performance of a Contract

We process your booking details — such as your name, contact information, number of participants, and schedule — to receive and confirm your reservation and to operate your tour. This includes communicating with you by email or WhatsApp to arrange, confirm, or update your booking and to guide payment.

Consent

We rely on your consent for optional information (such as nationality, language preference, or special requests) and for sending marketing or promotional messages. You may withdraw your consent at any time without affecting your existing booking.

Legal Obligation

We retain certain transaction and booking records where required by applicable tax, accounting, and e-commerce laws, as described in the Retention Period section below.

Legitimate Interests

We may process limited data to maintain the security of our Services, prevent fraud, and improve the quality of our tours, provided these interests are not overridden by your rights and freedoms.

Communication via Email & WhatsApp

When you share information with us — or we contact you — by email or WhatsApp to arrange your tour and guide payment, we process that information on the basis of performing our contract with you. Please note that WhatsApp messages are delivered through a third-party messaging service, which processes data under its own privacy terms and may transfer data internationally.

We retain personal data only as long as necessary to fulfill the purposes described above or to comply with legal obligations. After expiration, data is deleted or anonymized without undue delay.

Legal Retention Requirements

Contracts or withdrawal of offers5 years
Payments and provision of services5 years
Consumer complaints or dispute resolution3 years

We do not sell or rent your personal data. We do not disclose it except:

  • • Where you have given explicit, prior consent
  • • Where required by law, regulation, or a lawful request of a public authority

Tour Operation Partners

We may share limited information with local guides, photographers, and transportation providers:

Data Provided

Name, contact details, tour schedule, number of participants, language, and special notes

Purpose

Tour operation, customer communication, and safety management

Retention

Until tour completion and any related settlement or dispute handling are finished

To operate our Services, we entrust limited personal data to the providers below. Each provider is contractually required to handle your data securely and to use it only for the tasks described.

Amazon Web Services (AWS SES)

Sending booking and inquiry confirmation emails — name, contact details, inquiry content

Wassenger (WhatsApp messaging)

Sending booking notifications to guests via WhatsApp — name, phone number, booking details

Vercel

Website hosting and processing of form submissions

Google (Gmail)

Receiving and managing customer inquiries

Some of the providers above operate servers located outside the Republic of Korea. Where this is the case, your personal data may be transferred internationally to provide the Services you request. We take steps to ensure your data remains protected in accordance with applicable law.

Wassenger / WhatsApp — guest notificationsOverseas
Vercel — hostingUnited States
Google — inquiry handlingUnited States

Safeguards for Transfers

Where personal data of individuals in the European Economic Area or the United Kingdom is transferred to a country that has not received an adequacy decision, we rely on appropriate safeguards — such as the European Commission's Standard Contractual Clauses (SCCs) or equivalent mechanisms offered by the receiving provider. The Republic of Korea, where we are based, holds an EU adequacy decision.

You may contact us at any time if you have questions about how your data is handled abroad, if you wish to object to a particular transfer, or to request a copy of the relevant safeguards.

You may request access to, correction of, deletion of, or restriction of processing of your personal data, to the extent permitted by applicable law. To exercise any right, contact us using the details in the Data Controller section below. We may verify your identity before responding to prevent unauthorized access, and we will reply within the timeframe required by applicable law.

Additional Rights for the EEA, UK & Similar Jurisdictions (GDPR)

If you are located in the European Economic Area, the United Kingdom, or another region whose laws grant equivalent rights, you also have the right to:

  • • Object to processing that is based on our legitimate interests
  • • Receive the data you provided in a structured, machine-readable format, and have it transmitted to another controller where technically feasible (data portability)
  • • Withdraw your consent at any time, without affecting the lawfulness of processing carried out before withdrawal
  • • Not be subject to a decision based solely on automated processing — we do not currently make such decisions
  • • Lodge a complaint with your local data protection supervisory authority

We do not charge a fee for exercising these rights except where permitted by law, and we will not discriminate against you for doing so.

We use cookies and similar technologies for the purposes below. You can manage non-essential cookies through your browser settings or, where applicable, a consent prompt on our website.

Essential Cookies

Required for the website to function, such as security and basic navigation. These are always active.

Analytics Cookies — with your consent where required

Used to understand how visitors use our website so we can improve our Services. If we introduce an analytics provider (such as Google Analytics or Vercel Analytics), we will identify it here and, where required by law, obtain your consent before setting these cookies.

You can configure your browser to refuse or delete cookies. If you do, some features may not function properly.

We implement appropriate measures to protect personal data from unauthorized access, loss, misuse, or alteration.

Administrative

  • • Authorized personnel only
  • • Regular staff training
  • • Internal policies

Technical

  • • Encryption & secure storage
  • • Access control
  • • Security software
  • • Logging & monitoring

Physical

  • • Facilities access control
  • • Secure document storage

The following entity is responsible for processing your personal data under this Policy. Please reach out with any questions or requests regarding your data.

Company

Nerdso (너드소)

Representative (CEO)

Sangbong Jeong

Business Registration No.

172-32-02089

Address

14, Mallijae-ro, Mapo-gu, Seoul, Republic of Korea

Privacy Officer

Sangbong Jeong

Tel

+82-10-2635-6249

We will respond promptly and in good faith.

This Policy may be updated to reflect changes in legal requirements or our Services. Material changes will be indicated with an updated date and notice on our website.

Continued use of our Services after changes take effect constitutes acceptance of the revised Policy.

Last Updated — June 2026