Privacy Policy
Last Updated: May 17, 2024
Thank you for using Lark products and services. We are committed to protecting your privacy through our compliance with this Policy.
Lark offers an online, multi-tool business management, efficiency, and communications platform and standalone applications including but not limited to instant messaging services, content creation and collaboration, cloud storage, calendar services, audio and video calls, email services, and other functions, as well as services that interoperate with other software (collectively, the “Platform”). The Platform and its related services, products, sub-applications within the Platform, standalone applications associated with the Platform, software program and content are collectively referred to herein as the “Services.”
The Services are provided or controlled by (i) Lark Technologies Pte. Ltd. (located at 1 Raffles Quay, #26-10, South Tower, Singapore 048583) if you are accessing the Services outside the U.S.; or (ii) Lark Enterprise Applications Inc. (located at 251 Little Falls Drive, Wilmington, Delaware 19808) if you are accessing the Platform from inside the U.S. (collectively, “we” or “us”).
This privacy policy (“Policy”) sets out the basis on which your data will be processed, collected, used, and disclosed by us when you access or use our Services, together with all related services, products, software programs and content we provide, including any other services where this Policy is shown. For further information about the applicability of the Policy, please see the section “How Does This Policy Apply”.
Please read the following carefully to understand our approach and practices regarding the processing of your information. For the purposes of this Policy, we use “information”, “personal information” and “personal data” to refer to information relating to an identified or identifiable natural person. We also use the term “Business Workplace Owner” to refer to accounts owned by (i) a corporate entity or (ii) a third party who uses it for non-personal purposes.
How Does This Policy Apply?
Under certain data protection laws, a party is either a controller or a processor of data. In general, we are the controller of the information described in the “Types of Information We Collect and Use” section. However, in certain situations, we act as a processor. For example, if a Business Workplace Owner invites you to create an account for its business purposes and you use the Services as an authorized user of its Workplace (“Authorized Business User Account”), we are a processor and the Business Workplace Owner is the controller of “Workplace Data” you generate when you are signed into your Authorized Business User Account. This data and any other data the Business Workplace Owner may control are referred to herein as “Business Owner Controlled Data.” Please note that this Policy does not cover the processing of Business Owner Controlled Data unless such data is shared with us by the Business Workplace Owner as the data controller. Such processing is primarily covered by the Business Workplace Owner’s privacy policy, a separate agreement between the Business Workplace Owner and Lark which governs delivery, access and use of the Services and/or the employment agreement (or any agreement in lieu of the employment agreement) between you and the Business Workplace Owner.
Please note that Business Owner Controlled Data does not include Workplace Data that you generate when you are signed into your personal account, even when you interact with Workplaces associated with Business Workplace Owners. Additionally, upon termination of your Authorized Business User Account by a Business Workplace Owner, Lark will automatically convert your Authorized Business User Account to a personal account. If you continue to use the Services when signed into personal account, we will then generally be the controller of the data associated with that personal account, including Workplace Data.
Types of Information We Collect and Use
We may collect and use the following types of information when you access the Platform or use the Services:
Account Data. To create an account, you or a Business Workplace Owner may give us your name, photo, phone number, email address, password information, and/or similar account details. In addition, if you use a paid version of the Services or certain portions of our Services that enable purchases (e.g., food or car services purchases), we will collect billing details from you or a Business Workplace Owner, including credit card information, banking information and/or billing address.
Workplace Data. We collect and process the content you generate on the Platform and with the Services, including:
- any messages, files, photos, documents, or other content that you upload, view, edit, share or comment on;
- your uploaded address book and contacts, if you choose to provide it;
- calendar entries you create, edit or to which you are invited;
- voice and video data, including when you use voice messaging and conference services, and any associated transcripts; and
- search queries and commands.
Administrative and Interactions Data. We also collect and process data to administer, provide, optimize, and market the Services. Some of this data is collected automatically, including by our service providers and third-party vendors. Administrative and Interactions Data includes:
- metadata and inference information related to your use of the Services, such as your online status, chat details, the features and embedded content you interact with, the types of files you share, and what, if any, third-party integrations you use;
- internet network activity, cookies, and similar tracking technologies, such as data our servers automatically record, such as your web request, IP address, browser type and settings, referring/exit pages and URLs, number of clicks, date and time stamp information, language preferences, and other such information (for further information please see our );
- data about your online activity on websites and connected devices over time and across third party websites, such as where you click, how long you visit a page, your scrolling, mouse hovers, and other data to help us better understand your experience and provide you with the best user experience;
- data about the device you are using to access the Services and related device activity, such as mobile carrier, device IDs, and operating system version; and
- data regarding your communications with us, for example, when you provide us with feedback or contact us with a question or comment through our chat or call services (including on social media).
Location Data. We collect and process information about your location including general location information (e.g., city, state, country and/or zip code) based on your SIM card, IP address, or other device information. With your permission, we may also collect your precise location and Global Positioning System (GPS) data. You may switch off GPS and location information in your system settings. If you choose to share your location with us and consent to our use of this data, we may process this information to provide you with relevant services based on location.
Third Party Data. Lark permits the integration of other services and applications with our Services. If you are using an integrated third-party service, we may receive and process data from that third party (and will also share certain data with that third party, including data described in the above) in order to provide the integrated service.
This Policy does not apply to the processing of your information by third-parties through your use of any third-party integrations available via our services. When using integrated apps and services on Lark, please always review the relevant third-party provider’s legal documents including but not limited to Terms of Service and Privacy Policy.
Additional Business Owner Controlled Data. We may receive information (including data from the categories described above) that we only collect and process when a Business Workplace Owner chooses to use certain features available to those accounts and upon the Business Workplace Owner’s instruction. For example, a Business Workplace Owner may enable features related to (i) attendance, approval, health report and log functions; (ii) business directory services; (iii) third-party integrations; and/or (iv) precise geolocation services, including via cell tower triangulation. As set forth in the “How Does This Policy Apply” section, we are a processor of this Business Owner Controlled Data and the Business Workplace Owner—not Lark—must ensure that they have appropriate legal grounds (including, where required, your consent) before collecting, using, and disclosing such data.
How We Use Information
In addition to the purposes already set out above, we may use, process and/or disclose your information for the following purposes including to:
- Administer, operate, and provide the Services;
- Provide user support and respond to, handle, and process queries, requests, applications, complaints, and feedback from you;
- Investigate and help prevent security issues and abuse, help improve the security of our Services, including use of automated systems to analyze content such as documents, instant messages and emails to detect abuse, such as spam, malware, and illegal content;
- Better understand your interests and needs, and personalize your experience on the Services;
- Analyze and research how you interact with our websites and applications;
- Continually improve the Services and products, including adding new features or capabilities;
- Comply with applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority in accordance with or required by applicable law, regulation or legal process;
- Communicate with you, including to notify you with service messages about changes to our Platform or Services;
- Send marketing and promotional materials from us or on behalf of our affiliates and trusted third party business partners;
- Measure and understand our marketing campaigns and the effectiveness of such campaigns;
- Enforce our terms, conditions and policies;
- Fulfill any other purposes for which you have provided the data;
- Transmit to third parties including our business partners, third party service providers and agents, and relevant governmental and/or regulatory authorities, whether in US or abroad, for the aforementioned purposes;
- Fulfill other business purposes related to or in connection with the above.
Combined Information
Unless otherwise prohibited by law, we may combine the information that we collect through your use of our Services with information that we receive from other sources, both online and offline, and use that combined information as set forth above.
Aggregated and De-identified Information
We may aggregate and/or de-identify any information collected through the Services so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including without limitation for research and marketing purposes, and may also share such data with any third parties in our discretion.
Legal Bases
If you are an individual from the European Economic Area (“EEA”), the UK, Switzerland or any country which requires notification of the legal bases for processing, our legal bases under the General Data Protection Regulation (“GDPR”) and applicable data protection laws of each such country, for collecting and using your information described above will depend on the particular type of information and the specific context in which we collect it. However, some examples of legal bases for processing that we rely on:
- Where we have your consent to do so;
- Where use of your information is necessary to perform our obligations under a contract with you (e.g., to comply with the Customer Terms of Service or User Terms of Service and deliver the Services);
- Where use of your information is necessary for our legitimate interests or the legitimate interest of others (e.g., to operate our Services; provide security for our Services; prevent fraud; analyze use of and improve our Services; and for similar purposes); and
- Where use of your information is necessary to comply with applicable legal obligations.
How We Share Your Information
We may disclose, at our sole discretion or per your Business Workplace Owner's instructions (if any), your information (including, for example, data which you choose to share with us through Third Party Integrations with Lark Email such as Gmail) with the following third parties, including, without limitation, to those who may be processing your information on our behalf for one or more of the purposes stated above and herein:
Service Providers and Third-Party Vendors
We may disclose your information to service providers who support our business, such as cloud service providers and other technology third-party vendors. These service providers and vendors help us provide, administer and support the Services, including but not limited to research, payment processing and transaction fulfillment, information system maintenance, data processing and storage, analytics, measurement, and disaster recovery.
Business Workplace Owners and its Designated Third Parties
We will share certain information about you with Business Workplace Owners or any third parties designated by Business Workplace Owners only if you are an Authorized User of such Business Workplace Owner.
Third Party Integrations
We may share certain data with Third Party Integrations if you give such Third Party Integrations access to your account and information, and any content you choose to use in connection with those Third Party Integrations.
Our Corporate Group
We may also share your information with other members, subsidiaries, or affiliates of Lark’s corporate group, in order to provide, maintain and improve the Services.
Sale or Merger
As we continue to develop our business, we may buy, merge, or partner with other companies. In such transactions (including in contemplation of such transactions), information may be among the transferred assets. If a portion or all of our assets are sold or transferred to a third party, user information would likely be one of the transferred assets.
Law Enforcement
We may disclose your information as we believe to be necessary or appropriate to: comply with applicable law and legal processes; respond to requests from public and government authorities; enforce our Customer Terms of Service or User Terms of Service; protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or others; and/or allow us to pursue available remedies or limit the damages that we may sustain.
With Your Consent
We may share your information for other purposes pursuant to your consent or at your direction.
International Data Transfers
International data transfers are necessary for us to provide the Services and fulfill our contractual obligations to you relating to the Services. We share your personal data globally with companies of our business group to carry out the activities specified in this Policy. We may also subcontract the processing of data involved in the Services or share your personal data with third parties located in other countries. We rely on permitted legal bases and exceptions and will comply with requirements under applicable laws, in relation to such transfers.
We maintain servers located in US, Singapore and Japan and your information may be processed on servers located outside of the country where you live. Data protection laws vary among countries, with some providing more protection than others. Regardless of where your information is processed, we apply the same protections described in this Policy. When required by applicable law, we will provide an adequate level of protection for your personal data using various means, including where appropriate, relying on a formal decision that a certain country ensures an adequate level of protection for personal data, or complying with Model Contractual Clauses.
In the case where you are an authorized user of a Business Workplace Owner, your Business Workplace Owner will determine which servers will process and store your information. Your Business Workplace Owner may also choose to share your information with parties that are located outside of the country where you live. Your Business Workplace Owner will protect your personal data and comply with requirements under applicable laws in relation to such transfers.
Participation in the Data Privacy Framework
Lark complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Lark has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) under the UK Extension to the EU-U.S. DPF. Lark has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Lark is responsible for the processing of personal data it receives, and subsequently transfers to a third party acting as an agent on its behalf, under the Data Privacy Framework.
Lark complies with the Data Privacy Framework Principles for all onward transfers of personal data from the EU, the U.K., and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Data Privacy Framework, Lark is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
In certain situations, Lark may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
For complaints regarding DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website https://www.dataprivacyframework.gov/.
Security of Your Information
We attach great importance to the security of your information and have in place technical, managerial and physical safeguards, including an internal policy for data protection, limiting access to personal data on a need-to-know basis and controlling access to facilities where personal data is processed, in order to prevent any unauthorized access to or unauthorized alteration, disclosure or destruction of personal data we hold.
However, like all information transferred over the internet, please note that information you send to us electronically may not be secure when it is transmitted to us.
Despite our best efforts, you understand that due to technical limitations and various potential malicious attacks, no security measures are perfect or impenetrable and it is impossible to ensure permanent and absolute security. Therefore, we strongly suggest you take active measures, including but not limited to using a complicated password, regularly changing your password, and avoiding disclosure of your account password or other information relating to logging in to your account, so as to protect the security of your information. We also recommend that you do not use unsecure channels to communicate information or other sensitive or confidential information to us.
Data Retention
We will retain your personal data for the length of time needed to fulfill the purposes outlined in this Policy unless a longer retention period is required, for example to comply with legal obligations or requests or for the establishment, exercise or defense of legal claims, or for legitimate businesses purposes, or as provided by law.
Information Relating to Children and Minors
The Services are intended for and should only be used by, adults (persons who meet the legal consent age in each applicable jurisdiction) and not children or minors. We do not seek or knowingly collect any personal data about children under of the legal age of consent in the applicable jurisdiction. If you learn that anyone younger than legal age of consent has unlawfully provided us with their personal data in relation to the Services, please contact us and we will make commercially reasonable efforts to delete such information from our database.
Your Controls and Choices
Email marketing
If you do not wish to receive marketing information from us, you may follow the unsubscribe instructions included in the emails you receive or contact us as described below. We will continue to send you non-promotional, service emails in regard to your account, such as for billing and payment information, and other emails relating to your account or Workplace, and/or your use of the Services.
Cookies and Similar Technologies
Please review our for more information about how you can control our use of cookies and similar technologies.
Requests regarding your information
Depending on the laws of your jurisdiction, we may provide you with the ability to exercise certain controls and choices regarding our collection, use, and sharing of your personal information. For example, you may have the right to:
- obtain confirmation of whether data are being processed and access, or a copy of, your information, and in some cases, receive it in a structured, commonly used and machine-readable format, or have it be transmitted to a third party in such form;
- update, correct or delete the information;
- object to the use, sale, or disclosure of the information, to the extent permitted by the applicable law;
- withdraw consent previously provided for the handling of the information (without affecting the lawfulness of prior use and disclosure of the information);
- information about the possibility to refuse providing personal data and the respective consequences, when applicable;
- anonymization, blocking or erasure of data;
- portability of personal data to a third party;
- information of public and private entities with which we shared data; and
- request a review of decisions made solely based on automated processing of personal data affecting your interests, including decisions made to define your personal, professional, consumer or credit profile, or aspects of your personality.
For your safety and to allow us to make sure that we do not disclose any of your personal data to unauthorized third parties, in order to verify your identity and guarantee the adequate exercise of your rights, we may request specific information and/or documents from you before we can properly respond to a request received concerning your data. All data and documents received from you in the process of responding to your requests will be used for the strict purposes of analyzing your request, authenticating your identity, and finally responding to your request.
In certain situations, we may have legitimate reasons not to comply with some of your requests. For instance, we may choose not to disclose certain information to you when a disclosure could adversely impact our business whenever there is a risk of violation to our trade secrets or intellectual property rights. In addition, we may refrain from complying with a request for erasure when the maintenance of your data is required for complying with legal or regulatory obligations or when such maintenance is required to protect our rights and interests in case a dispute arises. Whenever this is the case and we are unable to comply with a request you make, we will let you know the reasons why we cannot fulfill your request.
If you would like to exercise your rights under applicable law, you can submit your request to the email at privacy@larksuite.com with your name, account and a description of your request. Where permissible by law, we may verify your identity. Please allow us a reasonable time to respond to your inquiries and requests.
Please see “Additional Information for Certain Jurisdictions” to learn more about the rights provided in specific jurisdictions.
Complaints
In the event of that you wish to make a complaint about how we process your information, please contact us in the first instance at privacy@larksuite.com and we will endeavor to deal with your request as soon as possible. This is without prejudice to your right to launch a complaint with the data protection authority in the country in which you live or work where you consider we have infringed data protection laws.
Contact Us
If you wish to talk with us about how we process your personal data, please contact us at privacy@larksuite.com and we will endeavor to deal with your request as soon as possible.
Changes
This Policy may be updated by us from time to time to reflect changes to applicable laws, regulations, standards, industry codes or other instruments of a similar nature, or to reflect changes, updates or new features to the Services. When we update the Policy, we will notify you by updating the “Last Updated” date at the top of this Policy and posting the new Privacy Policy and providing any other notice required by applicable law. Your continued access to or use of the Services after the date of the updated Policy constitutes your acknowledgment and agreement that you have read, understood and accepted the terms of the updated Policy. If you do not agree to the updated Policy, you must stop accessing or using the Platform and/or the Services.
Prevailing Language
This Policy is prepared in English and may be translated into multiple languages other than English. If there is any inconsistency between the English language text and any translation, to the maximum extent permitted under applicable law the English language text shall prevail, unless otherwise expressly stated in the applicable translation.
Additional Information for Certain Jurisdictions
We may provide additional information about the privacy, collection, and use of personal data of prospective and current user of our Services located in certain jurisdictions.
A. California Privacy Rights
CCPA Notice for California Residents
Under the California Consumer Privacy Act (“CCPA”), California residents have the right to know what personal information about them is collected, request deletion of their personal data, opt-out of the sale of their personal data, and not be discriminated against if they choose to exercise any of these rights. This notice supplements information provided throughout this Policy and applies only where we act as a controller for your personal information. Certain terms used below have the meanings given to them in the CCPA.
Categories of Personal Information About You We Collect, Use, and Share:
Throughout our Policy, we discuss in detail the specific pieces of personal information we collect from and about the users of our Services. During the 12 months leading up to the effective date of this Policy, we may have collected all of the types of personal information described in the “Types of Information We Collect and Use” section of this Policy. Under the CCPA, we are also required to provide you with the “categories” of personal information we collect as defined by California law. Depending upon the types of services you use, the categories we collect are: identifiers (such as name, address, phone number, email address, IP address, and passwords); demographic information (such as gender); commercial information (such as records of your transactions with us); financial data (such as credit or debit card information); internet or other network or device activity (such as browsing history or a record of your online Services usage); audio or visual information; general and precise location information; user-generated content; inference data; and other information that identifies or can be reasonably associated with you.
We use the above categories of information that we collect from you and from Business Workplace Owners, Business Workplace creators, our business partners, marketers, researchers, analytics partners, social network services, and other parties in order to provide and manage the Services you request; to communicate with you; to analyze the use of our Services; to personalize your experience and customize the Services; to market our Services to you; for bug detection and error reporting; to audit consumer interactions on the Services; to protect the rights of the Services; for legal compliance; and with your consent. For more detail regarding the purposes for which we use information, please see the “How We Use Information” section for more information.
Depending on the circumstances, we may share any of the above categories of information we collect with: our corporate group; service providers; Business Workplace Owners; business partners to provide you with services that you request and information about services and offers that we think you may be interested; other parties, including government entities, when required by law or to protect our users and services; third party integration services pursuant to that service and your settings; and with your consent or in connection with a corporate transaction. In addition, we may share commercial information and financial data, including your payment information, with payment processors. See the “How We Use Information” and “How We Share Your Information” sections for more information.
The CCPA also sets forth certain obligations for businesses that “sell” personal information to third parties. Lark does not “sell” any of the data we collect about you.
CCPA Consumer Privacy Rights
The CCPA also allows you to request us to:
- inform you about the categories of personal information we collect or disclose about you; the categories of sources of such information; the business or commercial purpose for collecting your personal information; and the categories of third parties with whom we share/disclose personal information;
- provide access to and/or a copy of certain personal information we hold about you;
- delete personal information under certain circumstances, subject to a number of exceptions; and
- provide you with information about the financial incentives that we offer to you, if any.
If you’d like to exercise any of the other rights afforded to you, you may contact us at privacy@larksuite.com.
Please note that you may designate an agent to make requests to exercise your rights under CCPA. We will take steps both to verify the identity of the person seeking to exercise their rights as listed above, and to verify that your agent has been authorized to make a request on your behalf through providing us with a signed written authorization or a copy of a power of attorney. We will not discriminate against you in a manner prohibited by the CCPA because of you exercising your CCPA rights.
California Minors: If you are a California resident under 18 years of age, you must not use the Services.
B. Privacy Rights for Services users in the European Union
If you are a user of the Services in the European Union, under the General Data Protection Regulation you have the below rights in relation to your personal data. Where we act as a controller for your personal data, you should contact us to exercise any of your rights. Where we act as a processor, you should contact the Business Workplace Owner to exercise any of your rights.
You have the right to ask us to access the personal data we hold about you and be provided with certain information about how we use your personal data and who we share it with. You also have the right to ask us to correct your personal data where it is inaccurate or incomplete. In certain circumstances, you have the right to ask us to delete the personal data we hold about you:
- where you believe that it is no longer necessary for us to hold your personal data (for example, if you decide that you no longer wish to use the Services);
- where we are processing your personal data based on legitimate interests and you object to such processing and we cannot demonstrate an overriding legitimate ground for the processing; or
- where you believe the personal data we hold about you is being unlawfully processed by us.
In certain circumstances, you have the right to ask us to restrict (stop any active) processing of your personal data:
- where you believe the personal data we hold about you is inaccurate and while we verify accuracy;
- where we want to erase your personal data as the processing is unlawful, but you want us to continue to store it;
- where we no longer need your personal data for the purposes of our processing, but you require us to retain the data for the establishment, exercise or defense of legal claims; or
- where you have objected to us processing your personal data based on our legitimate interests and we are considering your objection.
Right to Object
To the extent that Lark’s processing of your personal data is subject to the General Data Protection Regulation, we rely on our legitimate interests, described above, to process your data. You can object to our processing of your personal data based on our legitimate interests and we will no longer process your personal data unless we can demonstrate an overriding legitimate ground.
Right to Withdraw Consent
You have the right to withdraw your consent to our processing of data about you for marketing purposes at any time, and we will stop processing data about you for that purpose.
To exercise any of these rights above, please contact us at privacy@larksuite.com. In addition, you have the right to complain to the applicable data protection supervisory authority.
You also may access, correct or request deletion of personal data we have about you by logging into your account. You may also request cancellation of your account by contacting us at privacy@larksuite.com. We’ll take steps to delete your information within a reasonable timeframe, but some information may remain in archived/backup copies for our records or as otherwise required by law.
Please note that these rights are limited, for example, where fulfilling your request would adversely affect other individuals or our trade secrets or intellectual property, where there are overriding public interest reasons or where we are required by law to retain your personal data.
GDPR Representative
If you are based in the United Kingdom, our designated GDPR representative is:
Cosmo Technology Private Limited
2 Temple Back East, Temple Quay
Bristol, United Kingdom,BS1 6EG
If you are based in the European Region (other than the United Kingdom), our designated GDPR representative is:
Mikros Information Technology Ireland Limited
Mespil Business Centre, Mespil House, Sussex Road
Dublin 4, Ireland
SUPPLEMENTAL TERMS – JURISDICTION-SPECIFIC TERMS
In the event of a conflict between the provisions of the below Jurisdiction-Specific Terms that are relevant to your jurisdiction from which you access or use the Services, and the rest of this Policy, the relevant jurisdictions’ Jurisdiction-Specific Terms will supersede and govern the data processing.
C.South Korea
Security of your Information. We work hard to protect the Services and our users from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold. To this end, we have in place technical, managerial and physical safeguards, including internal policies for data protection, limitation of access to personal data on a need-to-know basis and control of access to the facilities where personal data is processed.
Data Retention. We destroy personal data for which the purposes of collection as consented to by you have been achieved, or for which the periods of use as consented to by you or as provided in this Policy have expired; provided, however, we will continue to store your personal data for any statutorily-prescribed periods, where applicable, including but not limited to:
- Act on Consumer Protection in Electronic Commerce:
- Records on your cancellation of an order, your payment on a purchased item, and our supply of a good/service: 5 years
- Records on the handling of consumer complaints or disputes: 3 years
- Records on advertisements and labels: 6 months
- Protection of Communications Secrets Act
- Records on your visits to our Platform: 3 months
Entrustment and/or International Transfer of Personal data. We entrust your data to our affiliates and service providers, some of whom are located outside of Korea (see here for a list), subject to your consents or notifications to you, if applicable. The entities receiving and processing your data are committed to using and storing personal data in compliance with domestic and international regulations and to taking all available physical and technical measures to protect personal data.
Destruction of personal data. We destroy your personal data in a manner that renders it unrestorable by the relevant department.