Gmarket - Korean No.1 Shopping Site, Hottest, Trendy, Lowest Price, Worldwide shipping available

1. Scope this Privacy Policy
: Gmarket Inc. (“Company”, “We”, “Our”, or “Us”) understands that you are aware of and care about your own privacy, and we take that seriously.

This Privacy Policy (this or the “Policy”) applies to your use of this website (global.gmarket.co.kr) or mobile application, (collectively the “Services”), regardless of how you access or use these Services, including access via mobile devices and apps.

If you are protected by Korean national law this Notice does not applies to you, please see the Korean version of the Privacy Policy to find out how we process and protect your personal data.

Please check the Policy from time to time when you visit our website, as the Policy may be amended pursuant to the government’s policy or out of necessity of the Company.

Date of Notification: 2023. 12. 06
Effective Date: 2023. 12. 12

2. Data Controller
: The Company is the data controller of personal data processed in relation to our service operated through Gmarket. You can contact the Company as follows;

Gmarket Inc.
34F, Gangnam Finance Center, 152, Teheran-ro, Gangnam-gu, Seoul, Korea
Tel: +82-2-1566-5701 (only in Korean)
Email: global@corp.gmarket.co.kr

3. Data Protection Officer and Contact
: We have appointed a Data Protection Officer to oversee the protection of your personal data relating to our Services. If you have any questions or complaints about this Policy or privacy issues in relation to the use of our services, you can contact the Data Protection Officer or a separate department in charge of protection of personal data.

Data Protection Officer
Name: Jeong Hoon, Kim
Department: Information Security Department
Email: privacy@corp.gmarket.co.kr
Tel: +82-2-589-8986
FAX: +82-2-589-8985

4. What Personal Data We Collect and Process

We collect your personal data when you use our Services, create a new Gmarket account, provide us with information via a web form, add or update information in your Gmarket account or otherwise interact with us. We do not collect any sensitive data (e.g. personal data revealing racial, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, data concerning a natural person's sex life or sexual orientation or personal data relating to criminal convictions and offences).
In total, we collect the following personal data:

Personal data you provide when using our Services or creating an account

What Personal Data We Collect and Process
Purpose	Items	Retention period
Basic information to confirm identity, contact for notice of contract implementation and changes of terms and conditions, confirmation of personal intention, and customer complaint handling such as civil complaints	ID, password, email address	Retention period within 5 days after membership withdrawal or according to laws and regulations (however, 1 year after membership withdrawal if a fraudulent transaction is confirmed)
Prevention of fraudulent use, prevention of unauthorized use, provision of services and fulfillment of contracts	Date of visit, service use record and device information
Exclusion of fraudulent transactions (only when fraudulent transactions are confirmed after registration)	ID, email address, the reason for an illegal transaction, member status value at the time of withdrawal
Providing customized services, developing new services, and improving quality through service usage statistics and analysis and surveys	All items agreed upon at the time of collection, service use records, device information
*Customers may not agree to collection and use, and if you do not agree, membership registration may be difficult.

• Data that identifies you, such as your name, email addresses, ID, and password that you provide when setting up our Gmarket account or at a later date.
• Data regarding orders or purchases that you provide in a transaction
• Content that you share with other users through Services such as feedback, ratings, product reviews and associated comments.
• Financial information (e.g. credit card and bank account numbers, payment details) in connection with a transaction or Smile Cash management.
• Shipping, billing, and other information you provide in connection with the purchase or shipping of an item, as well as information required for customs clearance (such as tax identification numbers or other identification numbers) and relevant shipping information (such as shipment numbers and tracking information) if shipped through one of our programs.
• You may provide us with additional information through a web form or by inquiries, dispute resolution, participation of the any promotions or if you contact us for any other reason regarding our Services.
• Other data that we are required or entitled by applicable law to collect and process and that we need for your authentication or identification, or for the verification of the data we collect.

Personal data we collect automatically when you use our Services or create an account
• Data that is generated as part of one of your transactions (orders, purchases, shipping) or participation of any promotions or that is linked to your account as a result of a transaction in which you are involved, such as transaction amounts and time of transactions and payment methods
• Data that is generated through your other actions when you use our Services and which is linked to your Gmarket account, e.g. when you place items in your shopping cart, place items on the wish list, favorite shop, purchased shop or viewed items.
• Data regarding all other interactions with our Services, your communications with us.
• Computer and connection information, such as your IP address, date and time of your access, your browser type, referral URL, device ID or individual device identifier, operating system type and version, Session ID, wireless carrier, and cookie-related data (e.g. cookie ID).
For more information about our use of these technologies and your choices, see 10. Cookies.

5. Purposes and Legal Basis for Data Processing and Categories of Recipients
: We process your personal data for various purposes and pursuant to various legal bases. We process your personal data primarily to provide and improve our Services, to contact you about your Gmarket account and our Services, to provide customer service, and to detect, prevent, mitigate and investigate fraudulent or illegal activity.

We process your personal data in order to fulfil our contract with you and to provide you with our Services. This includes the following purposes:
• Processing of data relating to you or your company for the purpose of entering into a contract with you and executing it.
• Provision of our Services, including but not limited to enabling and performing transactions with other users (including the transmission of your personal data to other users where necessary to perform the transaction, including in cases of terminated, failed or subsequently voided transactions), providing and enhancing features such as payment processing, ratings and Gmarket account management, providing other services you may use (as described in connection with such services), and ensuring the functionality of our Services. In connection with the provision of our Services, we will send you notifications relating to the execution of transactions and the use of our Services in accordance with the communication preferences in your Gmarket account.
• Enabling the delivery of purchased items by logistics/shipping service providers including notifications in connection with the delivery (such as tracking information), the latter to the extent permitted by applicable law without your consent.
• Provision of our payment services.
• Solution of problems with your Gmarket account, arbitration of disputes, providing other services and within the scope of customer service. For these purposes, we may contact you via notification email or push notification on your mobile device.
• Enforcement of our User Agreement, this Privacy Policy and other rules and policies.

We process your personal data in order to comply with legal obligations to which we are subject. This includes the following purposes
• Participation in proceedings (including judicial proceedings) conducted by public authorities or government agencies, in particular, for the purpose of detecting, investigating and prosecuting illegal acts.
• Prevention, detection and mitigation of illegal activities
• Ensuring the information security of our Services.
• Retention and storage of your personal data to comply with specific legal retention requirements.

We process your personal data in order to protect your vital interests or the vital interests of another natural person. This includes the following purposes:
• Prevention, detection, mitigation and investigation of unlawful activities that may result in impairment of your vital interests or the vital interests of another natural person, unless there is a statutory obligation to this effect.

We process your personal data where necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms. In order to reconcile our legitimate interests with your rights, we have introduced appropriate control mechanisms. On this basis, we process your data for the following purposes:
• Participation in proceedings (including judicial proceedings) conducted by courts, law enforcement agencies, government agencies or public authorities, intergovernmental or supranational bodies, in particular for the purpose of detecting, investigating and prosecuting illegal acts, unless there is a statutory obligation to this effect, and we may legitimately assume that the disclosure of the data is necessary to avert imminent disadvantages or to report a suspicion of an illegal act. In such cases, we will only disclose what we believe is necessary.
• Protection of the legitimate interests of third parties in connection with civil law disputes, unless there is a statutory obligation to this effect, if we may legitimately assume that it is necessary to disclose the data to such third parties in order to avert imminent disadvantages.
• Prevention, detection, mitigation and investigation of fraud, security breaches and other prohibited or unlawful activities, including the assessment of corresponding risks, unless there is a statutory obligation to this effect.
• Monitoring and improvement of the information security of our Services, unless there is a statutory obligation to this effect.
• Performance of identity checks, evaluation of applications and comparison of information for accuracy and verification purposes.
• Provision of functions for users that make the processing of transactions easier or more convenient (e.g. translation of the Services, administration of several delivery addresses).
• Analysis and improvement of the Services from us e.g. by reviewing information from users about blocked or crashed pages in order to identify and solve problems and to provide you with an improved user experience, including as part of product development.
• To the extent permitted by applicable law without your consent, communications with you via email to offer you vouchers, discounts and special offers and to inform you about our Services. If you do not wish to receive marketing communications from us, you can also unsubscribe by clicking on the link in the email you received.
• Assertion of or defence against legal claims, including those asserted by one user against another user.

We may also process your personal data on the basis of your consent, which you have given so that we or third parties can enable you to use certain services or make them available to you.

We will not make any automated decisions about you that would significantly affect you unless such a decision is necessary for entering into, or the performance of, a contract with you, we have obtained your consent, or we are required by applicable law to use such technology. You will find information on your right to object to this processing of your data below under Rights as a data subject.

6. Categories of Recipients

Without your consent, we will not pass on your personal data to third parties for their marketing or advertising purposes, nor will we sell or otherwise make it available to third parties for a fee. We only disclose your personal data when it is necessary for the purposes mentioned in this Policy.

We may share your data with third party service providers who provide services on our behalf. We have contracts in place with these service providers. This means that they cannot do anything with your personal data unless we have instructed them to do it. They will not share your personal data with any organization apart from us. They will hold it securely and retain it for the period we instruct.

When necessary, we transmit your personal data to following data processors and recipients for one or several of the purposes described in this Policy:
• Other Gmarket users, which includes sellers
• External service providers and shipping companies
• External service providers who facilitate events or promotions on our behalf
• External service providers who provide customer services or fraud monitoring on our behalf
• Payment service providers including the PayPal Inc. group of companies
• External operators of websites, applications, services and tools
• Law enforcement agencies, courts, government agencies or public authorities, intergovernmental or supranational bodies
• Third parties who are involved in judicial proceedings, in particular, if they submit a legal order, court order or equivalent legal order to us.

Categories of Recipients
Recipients	Provided items	Purpose of provision	Retention and use period
Seller [Sellerlist]	ID, name, phone number, mobile phone number, delivery address, e-mail address (if selected), personal customs clearance code (if selected), date of birth (if selected), common entrance access number (if selected)	Handling of tasks necessary for the implementation of information and communication service provision contracts and e-commerce (mail order sales) contracts, such as product and gift (service) delivery (transmission), product installation, return, refund, customer consultation, etc.	1 month after the end of the purchase service
jejudo.com, INTERPARK, WEBTOUR, Modetour, Sunmin Air Travel Agency, WHYPAYMOREWHYPAYMORE, jeju.com, Travel Is Easy(Kyowontour)	Name, mobile phone number, email, gender, date of birth, nationality	Reservation and confirmation of domestic ticket products, and response to related inquiries	1 month after service start (boarding date)
Competent tax office	Personal information of the orderer (address, name, date of birth), order date, product name, quantity, order amount, etc.	Provided by the tax office with quarterly details for orders for mail order sales of alcoholic beverages according to the notification of the National Tax Service	Use for up to 4 months
ASIANA Airlines	Asiana Club membership number	Earn points	Service offering period
AMORE PACIFIC	Beauty point card number, purchase information, CI	Accumulation of beauty points and conversion of points	Service offering period
SK planet	Name, OK CASHBAG card number	Identification when accumulating points	2 years after earning
FingerVerse	CI, mobile phone number	Cash Factory service provision and response to related inquiries	Service offering period
SSG.COM	Connecting Information(CI)	Smile Club membership linkage, provision of membership services and benefits, prevention of duplicate registration	When withdrawing from membersh ip
Wesang LLC(Yogiyo)	(For Gmarket members) Membership number, delivery address, latitude and longitude (used only for store search and delivery availability), delivery address phone number (mobile phone number) (For non-members) Non-member orderer email, delivery address, latitude and longitude (used only for store search and delivery availability), delivery destination phone number (mobile phone number)	Provision of food delivery service and response to customer inquiries	Service offering period

7. International Data Transfers

Some recipients of your personal data are located outside your country or have offices in countries where data protection laws may provide a different level of protection than the laws in your country. When transferring personal data to such recipients, we provide appropriate safeguards.

Other data transfers
We will only transfer your personal data from the European Economic Area (EEA) to third countries, i.e. countries outside the EEA, on the basis of appropriate safeguards. Third countries providing an adequate level of data protection according to the European Commission currently include Andorra, Argentina, Canada (for companies covered by the Personal Information Protection and Electronic Documents Act), Switzerland, the Faroe Islands, Guernsey, the State of Israel, the Isle of Man, Japan, Jersey, New Zealand and Uruguay. In other cases, we provide the necessary safeguards, e.g. through the conclusion of data protection contracts adopted by the European Commission (e.g. standard data protection clauses (2010/87/EU, 2001/497/EC or 2004/915/EC)) with the recipients, or through other measures provided for by law. A copy of the documentation of the measures taken by us is available on request.

Status of consignment for overseas processing of personal information

International Data Transfers
Transferee	Country of Transferee	Transfer date and method	Items to be transferred	Purpose of use	retention and use period
JET-F WORLDWIDE EXPRESS CO. (Tel: (03)3834619)	Taiwan	1. Transfer via encrypted file when legal name authentication is required 2. When the buyer authenticates the legal name, check whether the legal name is authenticated through the API method	Recipient's name and contact information	Personal legal name authentication for customs clearance	Immediate destruction after confirmation of personal legal name authentication for customs clearance
Paypal (service@paypal.com)	United States of America	API calls provided by PayPal when making payments	E-mail	Paypal payment processeing	5 years
Users have the right to refuse the transfer of their personal information abroad. However, please note that if you choose not to consent, it may result in restrictions on the provision of our services.

8. Storage Duration and Erasure
: As a general rule, the Company retains and uses customer’s personal data for as long as it is required in order to fulfil the relevant purposes described in this Policy. Once the purposes of collection and use of the personal data are achieved, it is without delay destroyed (provided, however, that the personal data will be destroyed after two (2) months from the date of termination of a shopping service user agreement (“User Agreement”) to prevent re-registration during the re-registration probation period).

However, if required to retain personal data pursuant to applicable laws, we retain user’s personal data for such duration as prescribed thereby.

Destruction process
The period of retention and use of collected personal information is from the signing of the service use contract (membership registration) to the termination of the service use contract (including application for withdrawal and ex officio withdrawal). In addition, upon the termination of consent, the company destroys the user's personal information without delay except for data stored for a certain period according to the reasons for retaining the information specified above and instructs the trustee to destroy the personal information if the processing of personal information is entrusted to a third party.

Destruction method
Destruction method User's personal information is destroyed without delay after the purpose of collection and use is achieved. Personal information printed on paper is destroyed by shredding or incineration, and personal information stored in electronic file format is destroyed using a technical or physical method that cannot reproduce records.

9. Rights as a Data Subject
: Users can access and make corrections to their personal information through the “Information Modification” on the Gmarket website, at any time. Also requests for access, correction or deletion can be made via email or in writing. If the user’s personal information has been provided to or processed by a third party, the user has the right to request its disposal to the company or ‘the third party’. However, certain information, such as the user’s ID, name, resident registration number and foreigner registration number, may not be subject to correction. In case of name changes due to personal identity modifications or changes in resident(business) registration numbers due to administrative issues may be expected. The correction or deletion of information may be restricted if it is prohibited or limited under other laws. Moreover, in cases where a request for the correction of personal information errors has been made, we will not use or provide such information until the correction is completed, except in situations where we are required by other laws to provide personal information. If incorrect personal information has already been provided to a third party, we will notify them of the correction results to ensure the correction is made..

Your rights in detail:
• You can withdraw your consent to the processing of your personal data by us at any time. As a result, we may no longer process your personal data based on this consent in the future. The withdrawal of consent has no effect on the lawfulness of processing based on consent before its withdrawal.
• You have the right to obtain access to your personal data that is being processed by us. In particular, you may request information on the purposes of the processing, the categories of personal data concerned, the categories of recipients to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored, the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data or to object to such processing, the right to lodge a complaint with a supervisory authority, any available information as to the personal data’s source (where they are not collected from you), the existence of automated decision-making, including profiling and, where appropriate, meaningful information on its details. Your right to access may be limited by national law.
• You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
• You have the right to obtain from us the erasure of personal data concerning you, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims. The right to erasure may be limited by national law.
• You have the right to obtain from us restriction of processing to the extent that
- he accuracy of the data is disputed by you,
- he processing is unlawful, but you oppose the erasure of the personal data,
- we no longer need the data, but you need it to assert, exercise or defend legal claims or
- you have objected to the processing.
• You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller ('right to data portability').
• You have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or your place of work.
• If your personal data is processed on the basis of legitimate interests, you have the right to object to the processing of your personal data on grounds relating to your particular situation. This also applies to profiling. If your personal data is processed by us for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing.

The exercise of the above data subjects' rights (e.g. right to access or erasure) is generally free of charge. Where requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may charge an appropriate fee (at most our actual costs) in accordance with the applicable statutory regulations or refuse to process the application.
You have the right to withdraw your consent regarding the collection, use, and provision of your personal information at any time, as long as you previously consented to these actions during the membership registration process. To withdraw your consent, please click on the "Withdrawal Request" on our website or contact us via writing or email. We will promptly take the necessary actions, including deleting your personal information. However, it is essential to keep in mind that in accordance with legal requirements or the terms and conditions of our company, there may be cases where we are obligated to retain your personal information. In such cases, you will be required to provide your user ID and personal identification information for the purpose of verifying your identity. Please note that withdrawing your consent may lead to certain limitations on using our services, and you may not be able to access some or all of the services.

10.Cookies
: A cookie is a small text file that a website saves on your computer or mobile device when you visit the website. We use cookies to enhance your experience when using our website. You can refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you refuse cookies, you may not be able to access certain services provided by the Company that require cookies.

Users have the option to install cookies and can allow or deny cookies through cookie settings in Settings > Privacy > Cookies and other site data paths at the top of the web browser. However, refusing to install cookies will make inconvenience to use the web and may be difficult to use some services that require sign in.

11. Data Security
: We protect your personal data through technical and organisational security measures to minimise risks associated with data loss, misuse, unauthorised access and unauthorised disclosure and alteration. To this end we use firewalls and data encryption, for example, as well as physical access restrictions for our data centres and authorisation controls for data access.

12. Children’s Privacy
: Our services are not intended for use by children. We do not knowingly collect personal data from users who are considered children under applicable national laws. According to our User Agreement, children are not permitted to use our Services.