Privacy Policy

This Privacy Policy explains how the entity operating “MadenKorea” (the storefront at madenkorea.com) processes your personal data. For the purposes of India's Digital Personal Data Protection Act, 2023 (“DPDP Act”), we are the Data Fiduciary for the data we collect from you.

• Data Fiduciary: GTS TRADE SOLUTIONS PRIVATE LIMITED
• Brand: MadenKorea
• Registered office: 21, Gulam Abbas Alikhan 9th Street,, Thousand Lights, CHENNAI, TAMIL NADU, 600006
• Email: info@madenkorea.com
• Phone: +919384857587
• GSTIN: 33AAFCG8709CIZU

We collect data you give us directly (when you create an account, place an order, sign up to our newsletter, contact us, or post a review) and data your browser sends us automatically when you visit the site.

• Identity data: name, date of birth (when provided).
• Contact data: email address, phone number, shipping and billing addresses.
• Account data: password (stored hashed), authentication tokens.
• Order data: products purchased, prices, shipping address, courier tracking numbers.
• Payment data: we never see or store your card / UPI / netbanking credentials. Razorpay processes these and shares with us only the transaction status, amount, and a payment reference.
• Technical data: IP address, browser type, device information, approximate location derived from IP.
• Usage data: pages viewed, products clicked, cart additions, search queries, referral source.
• Marketing preferences: whether you've opted in to email or WhatsApp marketing.
• User-generated content: product reviews, ratings, photos you upload to reviews.

• To process and deliver your orders.
• To manage your account, authenticate you, and provide customer support.
• To send transactional messages about your orders (confirmation, shipping updates, refund notices).
• To send marketing messages, but only with your explicit consent — you can withdraw it at any time.
• To improve the website, products, and services.
• To detect and prevent fraud and abuse.
• To comply with legal and regulatory obligations (GST records, consumer-protection rules, court orders).

We rely on the following grounds set out in the DPDP Act:

• Your consent for marketing communications, optional analytics cookies, and any other purpose where you actively choose to share data with us.
• Performance of a contract for everything needed to fulfil your order — from address details to courier handoff.
• Legal compliance for tax and consumer-protection records we're required to keep.
• Legitimate use for fraud prevention, site security, and core analytics that don't identify you.

We share data with a small number of vetted service providers, only to the extent they need it to do their job. We do not sell your personal data.

Some of these processors are located outside India. By using the site you understand and accept that your data may be transferred to and processed in those jurisdictions, subject to safeguards that meet the requirements of the DPDP Act.

If your order includes products supplied by a third-party vendor through MadenKorea, the vendor receives only the data they need to fulfil the order (your name, shipping address, the items in that vendor's portion of your order).

We may share data with regulators, courts, or law-enforcement agencies when we're legally required to.

We retain different categories of data for different lengths of time depending on what they're used for and what the law requires:

• Order & invoice records: 7 years, to meet GST and accounting record-keeping rules under Indian tax law. We can't delete these earlier even if you close your account.
• Account data (name, email, password hash, saved addresses, wishlist): as long as your account is active, or until you ask us to delete it.
• Marketing data (newsletter opt-in, WhatsApp consent): until you withdraw consent — via the unsubscribe link in any marketing email, by replying STOP on WhatsApp, or by editing your preferences in your account.
• Analytics and event logs: 24 months from the event date, then deleted or aggregated to non-identifiable statistics.
• Customer-support correspondence: 3 years after the case is closed.
• Fraud-investigation records: kept as long as needed to investigate and resolve, then deleted.

How to delete your account

You can request deletion of your account at any time. To start the process, email info@madenkorea.com from the address on your account with the subject line “Delete my account”. We acknowledge the request within 48 hours and complete the deletion within 30 days.

When we delete an account we remove your profile, saved addresses, wishlist, cart, marketing preferences, and any user-generated content (reviews, photos) that identifies you. What we keep is limited to what we're legally required to retain — primarily order and invoice records for the 7-year GST window.

We may also terminate or suspend an account on our end (with or without notice) for fraud, abuse, repeated chargebacks, violation of these terms, or any other lawful reason. In that case we follow the same deletion rules above, applied as soon as is consistent with completing any open investigation.

Under the DPDP Act you have the following rights as a Data Principal:

• Right to access a summary of your personal data and the purposes for which we process it.
• Right to correction of inaccurate or incomplete data, and to update your account details directly from My Account.
• Right to erasure of your personal data when it's no longer needed, subject to legal retention rules (e.g. invoices).
• Right to nominate another individual who can exercise these rights on your behalf in the event of your death or incapacitation.
• Right to grievance redressal — raise complaints with our Grievance Officer (next section).
• Right to withdraw consent at any time. Withdrawing consent doesn't affect lawfulness of processing carried out before the withdrawal.

To exercise any of these rights, write to info@madenkorea.com from the email address on your account. We'll respond within 30 days.

Our products and services are intended for adults (18 years or older). The DPDP Act treats anyone under 18 as a child and requires verifiable parental consent before processing a child's personal data.

We do not knowingly collect personal data from children. If you believe a child has shared data with us, please write to info@madenkorea.com and we'll delete the relevant records.

If you have a concern about how your personal data is being handled, contact our Grievance Officer. We acknowledge complaints within 48 hours and aim to resolve them within one month, in line with Consumer Protection (E-Commerce) Rules 2020 and the DPDP Act.

• Name: Manoj Prabhu
• Designation: Customer Relations Officer
• Email: operations@madenkorea.com
• Phone: +919384857587
• Address: 21, Gulam Abbas Alikhan 9th Street,, Thousand Lights, CHENNAI, TAMIL NADU, 600006

We implement reasonable security practices and procedures consistent with the IT (Reasonable Security Practices) Rules, 2011 and the DPDP Act. These include encryption of data in transit (TLS), encryption at rest for sensitive data, role-based access for employees, and incident response plans for breaches.

Despite our efforts, no system is perfectly secure. If we ever detect a personal-data breach that affects you, we'll notify you and the Data Protection Board of India as required by the DPDP Act.

We use cookies and similar browser-storage mechanisms for authentication, cart continuity, anonymous analytics, and (with your permission) marketing measurement. The full list of cookies, their purposes, and how to change your mind any time is on our Cookie Policy page.

We may update this Privacy Policy from time to time. When we make a material change we'll update the “Last updated” date and, where required, ask for your fresh consent.

This Privacy Policy is published in English. A translation in Hindi or another Indian language listed in the Eighth Schedule of the Constitution is available on request — write to info@madenkorea.com.