|
1. Collection and Use of Personal Information
A. We collect personal information to verify the identity of our customer and confirm his or her intent to use our services to provide optimal
custom-designed services to the customer. We collect only the minimum information necessary to help a customer to use our services, when the
customer first signs up to be a member. We may additionally collect information necessary for payment, delivery of goods and services, refund and
the like, following customer¡¯s use of our services.
B. We do not use the personal information for any purpose other than that set forth herein or disclose such information to any third party without the consent of the customer.
C. We collect and use personal information for the following purposes described below. However, customer¡¯s resident registration number is used solely for other purpose of verification of his or her real name and is not collected. We may, after notification, collect a resident registration number if it is inevitable to collect and store it and bank account information pursuant to applicable laws and regulations (including without limitation, the
Framework Act of National Tax, the Electronic Financial Transactions Act), and mobile phone number information if it is inevitable to collect and
store it for the settlement of payment through the small-sum settlement on using the mobile phone, and so on.:
1) Non-member
- Name, resident registration number, I-PIN and password: to verify his/her identity for the use of our services
- E-mail address, telephone number and mobile phone number: for communications to facilitate transactions, confirm his/her intent,
handle complaints, give updates on services and notifications, and so on
- Name, address and telephone number of a recipient: to verify the destination for delivery of goods and free gifts
- Bank account information, and mobile phone number information: to provide settlement services
2) Member Who Is a Buyer
- Name, resident registration number (or legal alien registration number), ID, password, I-PIN number, date of birth (including year), and related
information: to verify his/her identity for the use of our services; provide services provision of which is subject to age restrictions; handle complaints, and so on
- Name of representative, business registration number, and contact number (for business): to provide services to a member that is a business
operator, and so on
- E-mail address, telephone number, mobile phone number and address: for communications to facilitate transactions, confirm his/her intent,
handle complaints, give updates on services and notifications, and so on
- Name, address and telephone number of a recipient: to verify the destination for delivery of goods and free gifts, and so on
- Bank account information, mobile phone number information: to provide settlement services, and so on
3) Member Who Is a Seller
- Name, resident registration number (or legal alien registration number), ID, password: to verify his/her identity for the use of our services; provide services provision of which is subject to age restrictions, and so on
- Name of representative, business registration number, and contact number (for business): to provide services to a member that is a business
operator, and so on
- E-mail address, telephone number, mobile phone number and address: for communications to facilitate transactions, confirm his/her intent,
handle complaints, give updates on services and notifications, and so on
- Name, address and telephone number of a recipient: to verify the destination for the delivery of goods/services and free gifts, and so on
- Credit card information, bank account information, mobile phone number information: to provide settlement services (including remittance of
payments for goods/services), and so on
4) Other
In the course of your using our services or transaction processing, the following information may be automatically generated and collected:
- IP address, date and time of visit, records of use of our services: to prevent unauthorized use and misbehaviors in the use
D. In the case of collecting personal information of a customer, the Company will collect the information with his/her consent, and will not collect
information on race, origin, legal domicile of origin, religion, political disposition, criminal records, health condition and other information likely to
infringe on the fundamental rights of customers, unless upon the consent of the relevant individual or required by law.
E. We may collect personal information in the following manner:
1) collection on/through the Company¡¯s homepage, in writing, by facsimile, by phone, through your contacting a customer center, and through your participating in an event; and
2) automatic collection through tools to collect generated information
2. Provision and Sharing of Personal Information to or with a Third Party
A. We will use customers¡¯ personal information only for the purposes and within the scope of use identified in ¡°Collection and Use of Personal
Information¡± Section above. We will not use the personal information beyond such scope without the prior consent of the relevant individual, and as
a general rule, we will not provide the information to any third party, except as set out below.
1) if disclosure or provision to a third party is in advance consented by the relevant individual; or
2) if required by law, or if requested by the law enforcement or competent authority pursuant to the procedures and methods through due process
prescribed by applicable laws and regulations for the purpose of criminal or other investigation.
B. If placement of an order or payment is made for a transaction through services provided by the Company, we may provide the other party thereto with relevant information to help such other party to carry out the transaction (including but not limited to delivery), or to facilitate communications
between the parties thereto (including but not limited to consultation), but in any event only to the extent necessary.
C. If otherwise necessary to provide personal information to a third party, we may provide or share personal information to or with a third party upon consent from customers through due process. The recipients to which we provide the personal information with consent from customers, and the purposes of their uses are set out below.
Recipients and Purposes of Use
| Recipients |
Purposes of Use |
Items of Personal Information to
Be Provided |
Duration of Retention and Use |
Small and Medium Business
Administration / Agency for
Traditional Market Administration |
Services to operate traditional
markets |
Sellers¡¯ names, addresses,
contact numbers and email
addresses |
From when separate consent
is obtained by the Company,
until the earlier of (i) the expiry of the duration of provision of
services by the applicable third
party or (ii) the termination by the customer of the services
provided by the applicable third
party |
| TicketMonster Inc. |
Guidance of subscription to
services of affiliated members,
and advertisement of its own
and affiliated companies¡¯
products via transmission of DM, SMS |
Names, phone numbers and
email addresses |
| Hyundai Card Co., Ltd. |
Consultation of issuance of
credit cards by use of inbound
calls |
Names, and contact numbers |
3. Outsourcing of Processing of Personal Information
A. We may outsource personal information processing services to third party service providers to facilitate and improve our services.
B. In relation to processing of personal information, we outsource such tasks as set out below to third-party service providers and, when executing outsourcing contracts with them, take measures necessary to ensure security in the management of personal information. Further, information
processed through outsourcing arrangements is limited to the minimum information necessary to facilitate provision of our services. Our third-party service providers for the processing of personal information of our customers and the purposes of outsourcing are set out below.
| Third-party Service Providers |
Outsourced Tasks |
| SETTLEBANK Inc. |
Verification of accounts |
| LG Uplus Corp. |
Verification of real names/accounts |
| NICE Information Service |
Verification of mobile phones, I-PINs, duplicate subscriptions, and
related information |
| Mobilians Co., Ltd |
Processing of payment via mobile phone and T-money |
| KCP Co., Ltd., KSNET Inc., NICE Information Service |
Processing of payment by credit card |
| DANAL Co., Ltd |
Processing of payment by T-money |
| LG Uplus Corp., KFTC (KOREA FINANCIAL TELECOMMUNICATIONS & CLEARINGS INSTITUTE) |
Processing of payment by credit transfer between CMA accounts with securities firms (per firm) |
| KEB (Korea Exchange Bank) Credit Card Service |
Processing of payment by credit card issued overseas |
Korea Express Co., Ltd., DPD(Dynamic Parcel Distribution GmbH &
Co. KG) |
International delivery |
| CJ, GS Holdings |
Delivery to islands |
| CJ, GS Holdings, CVSnet, HANJIN Corporation |
Services of return, exchange and collection |
| HANJIN Corporation |
Integrated door-to-door delivery services |
| Transcosmos Korea Inc., UBASE Inc., Decipher, Inc. |
Survey for new services, improvement of services, customer
satisfaction and so on; services of making phone calls and
transmission of voice messages; monitoring of transactions for safe commercial transactions; and customer services |
| C¡¯SQUARE SOFT |
Operation of reservation and ticketing services |
Korea Productivity Center, KODIMA Co., Ltd., OCU(Open Cyber
University), SEDA(Small Enterprise Development Agency) |
Provision of services of conducting education of sellers |
| KT Corporation |
Provision of SMS transmission network services and services of
receipt of do-not-send requests |
| Event and Promotion (Specifics of third-party service providers) |
Delivery of free gifts for events; acting as an agent for the
administration of winners and for the filing of tax reports of income tax on awarded free gifts |
| LG Uplus Corp. |
Provision of services to issue temporary phone numbers for safety
purposes |
4. Duration of Retention and Use of Personal Information and Destruction
As a general rule, we retain and use customer¡¯s personal information for the notified and agreed durations and once the purposes of collection
and use of the personal information are achieved, it is without delay destroyed; provided that the following information may be retained for such
duration for such reasons as set out below:
A. Retention pursuant to applicable laws and policies of the Company
If required to retain personal information pursuant to applicable laws, including without limitation the Commercial Code, we retain user¡¯s personal
information for such duration as prescribed thereby, in which case the Company will use the information solely for the purposes of retention, and
applicable durations of retention are set out below.
1) Records on contracts or withdrawal of offers and the like
- Reasons for retention: Article 6 of the Protection of Consumers in e-commerce and Other Transactions Act (¡°e-Commerce Act¡±); and Article 6 of
the Enforcement Ordinance thereof
- Duration of Retention: 5 years
2) Records on payment settlement and supply of goods, etc.
- Reasons for retention: Article 6 of the e-Commerce Act; and Article 6 of the Enforcement Ordinance thereof
- Duration of Retention: 5 years
3) Records on processing of customer disputes and complaints
- Reasons for retention: Article 6 of the e-Commerce Act; and Article 6 of the Enforcement Ordinance thereof
- Duration of Retention: 3 years
4) Records on verification of identity
- Reasons for retention: Article 44-5 of the Act concerning Promotion of Utilization of Information and Communications Networks and Protection of
Information, etc. (the ¡°IC Network Act¡±); and Article 29 of the Enforcement Ordinance thereof
- Duration of Retention: 6 months
5) Records on access
- Reasons for retention: Article 15-2 of the Communications Secrecy Protection Act; and Article 41 of the Enforcement Ordinance thereof
- Duration of Retention: 3 months
6) Records on misbehaviors in the use of services
- Reasons for retention: Retention pursuant to the Company¡¯s policies, such as, prohibition of misbehaviors (Article 37 of the Terms and
Conditions of Use of Shopping Services of Gmarket)
- Duration of Retention: 1 year
B. The duration of retention / use of collected personal information will start from when a shopping service user agreement (¡°User Agreement¡±) is
entered into (i.e., signing up for a membership) and end when the User Agreement is terminated (including, but not limited to, applying for
withdrawal from the membership, and discretionary withdrawal/dismissal). Further, in the case of termination of the User Agreement upon mutual agreement, the Company will without delay destroy all of your personal information other than contained in materials required to retain for a certain period for the afore-mentioned reasons for data retention, and will also instruct its third-party service providers to destroy the personal information
provided to them for the outsourcing of data processing.
C. Method of destruction
Your personal information will be destroyed without delay if the purposes of collection and use of the personal information are achieved. If printed
on paper, your personal information will be destroyed by shredding or incinerating the paper documents or otherwise and, if saved in the form of
electronic files, your personal information will be destroyed by technical means making the records non reproducible.
5. Cookies
A. Purpose of Use of Cookies
1) We use cookies to save and find information about the members¡¯ accounts in order to provide personally
customized services to the members. A cookie is a small text file of information about the basic setting of a website, sent by the website¡¯s web
server to the web browser of a user of the website, and it is stored in the hard disc of the computer used by you.
2) We can provide you with particular customized services that can be possible only by use of cookies.
3) We may use cookies to identify members and recognize them remaining in a log-in status.
B. Installation and Operation/maintenance of Cookies and Refusal thereof
1) You have an option to accept or refuse installation of cookies. Therefore, you can choose the options of your web browser to accept all cookies,
to receive notice when cookies are installed, or to refuse all cookies.
2) However, if you refuse cookies, you may not be able to access certain services that require cookies.
6. Rights of Members
A. You may at any time access, check or correct your registered personal information at the ¡°Information Correction¡± page of Gmarket. If you make a request for checking or correction of it to our Privacy Officer in writing or by e-mail, we will take care of your request. Please note that ID, the name,
resident (business) registration number and legal alien registration number may not be corrected. If, however, your name has been duly changed, or if your resident (business) registration number has been duly changed for administrative reasons, then correction of such information may be
exceptionally permissible. If correction or removal is prohibited or restricted under applicable law or regulation, fulfillment of your request may be
restricted. Further, if you request correction of your personal information, the relevant personal information will not be used or provided until
correction has been completed, unless provision of the information is requested pursuant to any other applicable law or regulation. As for
information that was already provided to a third party, the third party will be notified of the results of correction without delay, so that the corrected
information may apply as soon as the correction process is complete.
B. You may at any time request to stop handling of your personal information at Gmarket; provided that in the following case, we may refuse to
satisfy your request:
1) if particularly prescribed by any law or regulation, or if the handling is inevitable to perform obligations in compliance with applicable law or
regulation;
2) if there is apprehension that life/body of any other person may be harmed or that the property and other interest of any other person may be
unjustly infringed upon; or
3) if, without handling the personal information, it is impossible to perform a contract with the customer (such as a contract for provision of service), where the customer has not expressly made it clear that he/she intends to terminate the contract.)
C. You may at any time withdraw your consent to our collection, use, and provision of personal information (whether provided at the sign-up
process or otherwise). The consent can be withdrawn on the web (by clicking ¡°application for withdrawal from a membership¡± at Gmarket), or by
contacting our Privacy Officer in writing, by phone, by email or otherwise. At your request, we will take necessary measures to handle withdrawal
requests without delay; provided that, if required to keep in storage your personal information pursuant to applicable law, regulation or terms and
conditions, handling of your withdrawal request may be restricted. In such case, you must disclose your Member ID and personally identifiable
information to verify your identity. Upon withdrawal, your use of the Service may be somewhat limited or the Service in part or wholly may be
unavailable to you.
7. What You Should Look out for to Protect Your Personal Information
You have obligations to protect your own personal information, and we are in no event responsible for any issues or problems arising out of the
leak of personal information caused by your own negligence(such as, transfer, lending or loss of your ID, Password, access medium, etc., leaving a PC without logging out, and the like), inherent problems in Internet (such as, vulnerability of browsers, hacking by use of such technology or
method as cannot be prevented by security measures compliant with applicable laws and regulations and as controllable despite of substantial
care taken by the Company to prevent the same) and the like, in each case, so long as it is not attributable to the Company.
A. You should keep your personal information up-to-date, and are solely responsible for any accidents arising out of your provision of inaccurate
information.
B. If you misappropriate another¡¯s personal information, including resident registration number, etc., when signing up for a membership or
entering into a transaction to sell or purchase goods or services, you may lose your membership and be subject to criminal sanctions under the
Resident Registration Act.
C. You are responsible to keep your ID, password and so on securely protected. You should not assign or lend any of them to a third party. You
have obligations to cooperate with the Company¡¯s request to change your passwords regularly for security purposes pursuant to the Policy.
D. After using our services, you should log out from your account and close the web browser.
E. You must comply with all laws and regulations concerning personal information, including but not limited to the IC Network Act, the Data
Protection Act, and the Resident Registration Act.
8. Liability on Links to Another Web Sites
We can provide you with links to another websites. However, this Policy is not applicable to such other sites¡¯ collection of personal information.
9. Technical / Managerial Safeguards to Protect Personal Information
In handling your personal information, we take the following technical/managerial safeguards to ensure your personal information secure from
loss, theft, leak, falsification or destruction:
A. Encryption of Personal Information
Your passwords will be, after one-way encryption, kept and managed, and only you who knows the passwords can check and modify your
passwords. We set rules on the generation of passwords so as to prevent you from using your birthday, phone number, or any other numbers
easily predictable. Your personal information, such as resident registration numbers, legal alien registration numbers, bank account numbers and
credit card numbers, will be, after encrypted by safe password algorithms, kept and managed.
B. Anti-hacking Measures
To prevent leak of your personal information as a result of intrusion to our information and communications networks, such as hacking, we operate intrusion detection and firewall systems for 24 hours a day. To prevent an intrusion, all of our intrusion detection and firewall systems have duplex
configuration, and for secure transmission on networks, sensitive personal information in transit is protected through encryption and so on.
C. Minimization and Training of Personal Information Managers
We limit the number of our employees who handle personal information to the minimum level necessary and impress on them the importance of
protection of personal data through managerial safeguards, including but not limited to their training.
D. Operation of a Separate Department particularly for the Protection of Personal Information
For the efficient protection of personal information, we operate a separate department particularly for the protection of personal information. Further we exert our efforts to correct any problem, if found, through checking items to comply with under this Policy and whether our personal information managers are in compliance with the Policy.
10.Privacy Officer
We exerts our best efforts to help you use our services safely. You can report any complaint on privacy issues in relation to the use of our services,
to our privacy officer or a separate department in charge of protection of personal information, and we will respond to your reports promptly and with sincerity.
Protection of Personal Information
If any other reporting or counseling is required in relation to infringement of personal information, please contact the following institutions for
inquiry.
11. Obligation of Notification
This Policy may be amended pursuant to the government¡¯s policy or out of necessity of the Company. Any addition, deletion or revision of this Policy will be notified in advance on our homepage or by email at least 7 days prior to the effective date, and if it is difficult to give prior notification, it will be notified subject to availability without delay.; provided that if any material term (i.e., the purpose of collection and use of personal information, the
third party to which personal information will be provided, etc.) is added, deleted or revised, such addition, deletion or revision will be notified in
advance at least 30 days prior to the effective date that the Policy as amended will take effect 30 days from the date of notification. In addition, in
case where any content to which requires us to obtain from you a separate consent to any consent item(i.e., the collection and use of personal
information, provision of personal information to a third party, etc.) under applicable law or regulation (including without limitation, the Act on
Promotion of Information and Communications Network Utilization and Information Protection, etc.), is added or changed, we will obtain a separate consent from you pursuant to the applicable law or regulation.
Date of Notification: November 1, 2011
Effective Date: December 1, 2011
If you have any comment or complaint in relation to the protection of your personal information, please contact the Privacy Officer and other relevant employee in charge of protection of personal information and we will handle it promptly and accurately.
Phone No.: 02-589-8986
or E-Mail : privacy@corp.gmarket.co.kr
|
