Privacy Policy of Burberry Korea Limited. (Customer)
Privacy Policy of Burberry Korea Limited. (Customer)
Last updated: May 2026
Burberry Korea Limited (the “Company” or “Burberry Korea”) establishes and discloses this Korea Privacy Policy (the “Korea Privacy Policy”) as follows in an effort to proactively protect the personal information of customers collected and processed by the Company and to effectively address any related questions or concerns from customers pursuant to Article 30 of the Personal Information Protection Act (the “PIPA”). This Korea Privacy Policy may change pursuant to relevant Acts, Regulations and Rules as well as the Company’s internal operation policies.
Article 1 (Purposes of Processing Personal Information and Items of Personal Information to be Processed)
The Company collects the following items of personal information from customers.
General Personal Information
Classification Mandatory
Purposes of Processing Personal Information | Identifying and verifying of customer information; registration and management of customer account of each customer; offering an enhanced customer service. |
Items of Personal Information to be Processed | Name, title, email address country/region of residence, language for communication, contact information (as selected and provided by customers among e-mail address, phone number and address), measurement information (relating to bespoke orders). |
Classification Optional
Purposes of Processing Personal Information | Receiving feedback from customers; providing, helping you to check out faster when purchasing from Burberry, receiving Burberry updates, improving customer services. |
Items of Personal Information to be Processed | E-mail address, phone number, address, gender, date of birth / age, and payment information |
Article 2 (Period of Processing and Retaining Personal Information)
The Company processes and retains personal information within statutorily prescribed periods of retention and use, or within such period that customers agreed to at the time of collecting his/her personal information.
- Registration of customer accounts: Until the customer deletes their customer account (however, in the event that an investigation or inspection is proceeding due to the violation of relevant acts and regulations, customer accounts may be preserved until the end of such investigation or inspection).
- Provision of goods or services: Until the completion of supply of goods or services, and the payment or settlement of fee for such goods or services and as otherwise required to be retained by the Company for its proper record keeping purposes in accordance with applicable laws.
Article 3 (Providing Personal Information to Third Parties)
- The Company processes personal information of customers within the scope set forth under Article 1 (Purposes of Processing Personal Information and Items of Personal Information to be Processed), and provides third parties with the personal information collected only when it falls under Article 17 of the PIPA: (i) where consent is obtained from the data subject, and (ii) where there are special provisions prescribed by acts.
- The Company provides its affiliates, including other companies, joint ventures, franchises, and licensees within the Burberry Group worldwide (the “Affiliates”), with the personal information of customers collected during the period until the customer deletes his/her account, for purposes such as (i) providing services to offline customers visiting the Burberry stores worldwide, (ii) registering customer accounts for such providing of services, (iii) retaining transaction records as statutorily prescribed or as otherwise required to be retained for proper record keeping purposes, (iv) developing and enhancing products and services by analyzing purchase pattern of customers and understanding preferences of key customers, (v) provision of customized services by informing customers of products, services and events , and (vi) developing products and services by analyzing offline customers visiting the Burberry stores and customers participating in events (including the internal group reporting thereof).
The Company provides the personal information of customers to the following Affiliates. These Affiliates retain and use the personal information of customers until the aforementioned purposes are attained.
Affiliated Companies:
| COMPANY NAME | COUNTRY/REGION |
Burberry (Austria) GmbH | Austria |
Burberry (Deutschland) GmbH | Germany |
Burberry (Malaysia) Sdn. Bhd. | Malaysia |
Burberry (Shanghai) Trading Co., Ltd | Mainland China |
Burberry (Singapore) Distribution Co. PTE Ltd | Singapore |
Burberry (Spain) Retail SL | Spain |
Burberry (Spain) Retail SL, Sucursal em Portugal | Portugal |
Burberry (Suisse) S.A. | Switzerland |
Burberry (Taiwan) Co Ltd | Taiwan Area, China |
Burberry (Thailand) Limited | Thailand |
Burberry (Wholesale) Limited (US) | US |
Burberry Antwerp N.V. | Belgium |
Burberry Asia Limited | Hong Kong S.A.R, China |
Burberry Brasil Comércio de Artigos de Vestuário e Acessórios Ltda | Brazil |
Burberry Canada Inc | Canada |
Burberry Czech Rep s.r.o. | Czech Republic |
Burberry France SASU | France |
Burberry Hungary kft | Hungary |
Burberry India Pvt Limited | India |
Burberry Ireland Limited | Ireland |
Burberry Italy SRL | Italy |
Burberry Japan K.K. | Japan |
Burberry Al Kuwait General Trading Textiles and Accessories Company W.L.L. | Kuwait |
Burberry Limited | United Kingdom |
Burberry Limited | United States |
Burberry Macau Limited | Macau S.A.R |
Burberry Middle East LLC | United Arab Emirates |
Burberry Netherlands BV | Netherlands |
Burberry New Zealand Limited (New Zealand) | New Zealand |
Burberry Pacific Pty Ltd | Australia |
Burberry Qatar WLL CR | Qatar |
Burberry Saudi Company Limited | Saudi Arabia |
Burberry Turkey Giyim Toptan VE Perakande Satis Limited Sirketi | Turkey |
Horseferry Mexico S.A. de C.V. | Mexico |
Horseferry Mexico Servicios Administrativos, S.A. de C.V. | Mexico |
Sandringham Bahrain W.L.L. | Bahrain |
Article 4 (Delegation of the Processing of Personal Information)
- The Company delegates the processing of personal information for efficient processing of personal information as follows:
| Delegatee | Contents of Delegated Services |
Burberry Limited | Processing orders, customer service support, management of customer accounts records, marketing and promotion support, and data analysis support |
JBOPS | Telemarketing and LMS/MMS services |
ILYANG Logis Ltd. | Delivery of goods |
Smartro Co. Ltd | Payment services provider |
List of the Subcontracted Delegatees
| Company Name | Country/Region | Service |
| Adyen NV | Netherlands | Payment services provider |
| Amazon Web Services EMEA SARL | European Union | Cloud data storage and web services provider |
| Braze, Inc | United States | Customer marketing platform provider |
| Capgemini UK plc | United Kingdom | IT service provider |
| Commercetools GMBH | European Union | E‑commerce cloud services provider |
| Databricks Inc | United States | IT service provider |
| Datastax Inc. | United States | Data storage platform provider |
| EPAM Systems Limited | United Kingdom | IT support services provider |
| Google Ireland Limited | Ireland( | Promote Burberry products & services |
| HCL Technologies Limited | United Kingdom | IT service provider |
| IBM (International Business Machines Corporation) | United Kingdom, European Union | Order management services provider |
| Kickbox, Inc. | United States | IT service provider |
| LivePerson Netherlands B.V | Netherlands, United Kingdom | IT service provider |
| Meta Inc | United States | Promote Burberry products & services |
| MetaPack Limited | United Kingdom, United States | Delivery service provider |
| Narvar Inc | United States | Returns management services provider |
| New Relic, Inc. | United States | IT service provider |
| OMD EMEA Limited | United Kingdom | Marketing services provider |
| Oracle MICROS | United Kingdom | POS services |
| Qualtrics LLC | United States | IT service provider |
| Reddit, Inc. | United States | Promote Burberry products & services |
| Riskified Ltd | Israel, United States | Fraud management solution provider |
| Salesforce UK Limited | United Kingdom | Customer database platform provider |
| SAP UK Limited | United Kingdom | Software and storage services provider |
| Tamr, Inc | United States | Data management IT services provider |
| TikTok Information Technologies UK Limited | United Kingdom | Promote Burberry products & services |
| Twilio Inc | United States | IT service provider |
| Uberall Limited | United Kingdom | Digital marketing services provider |
| United Parcel Service (UPS) | United States | Delivery service provider |
| Verint Systems UK Limited | United Kingdom | IT service provider |
| Vonage Business Limited | United Kingdom | Customer Service IT service provider |
- When the Company enters into a delegation agreement, the Company implicitly sets forth in the agreement the matters related with liabilities regarding the prevention of personal information processing for purposes other than the purpose of performing the delegated services, technical and managerial measures to ensure security of personal information, restriction of subcontracting, management and supervision of the delegatee, and for compensation for damages pursuant to Article 25 of the PIPA, and supervises the safe processing of personal information by the delegatee.
When the delegatee or content of delegated services is changed, the Company will disclose such changes through this Korea Privacy Policy in a timely manner.
- Customers may exercise, at any time, his/her rights against the Company regarding the protection of personal information in the following paragraphs:
a) Request for access to personal information;
b) Request for correction in case of errors, etc.;
c) Request for deletion; and
d) Request for suspension of processing personal information - Rights under Article 5 may be exercised through Customer Service Team (customerservice@burberry.com, 007-983-218-146), and the Company will promptly implement measures after verifying the identity of the customer making the request or the legitimate agent of the requesting customer upon such request for exercise rights in the above. The Company may refuse such request in the event there is a justifiable reason prescribed by the act.
- When customers request for correction or deletion of errors, etc. in their personal information, the Company will promptly action the requested correction or deletion in accordance with its established processes and procedures and in accordance with applicable laws.
- Rights under Article 5 may be exercised through agents such as a legal representative or a delegated person of customers. In this case, customers must submit the power of attorney pursuant to Annex Form No. 11 of the Enforcement Rule of the PIPA.
- Customers must not violate relevant statutes such as the PIPA, and must not infringe on personal information and private life of the customer him/herself or others processed by the Company.
Article 6 (Destruction of Personal Information)
- The Company will promptly destroy personal information when the retention period of personal information has lapsed, when the purposes of processing such information have been achieved and hence the processing of such information becomes no longer necessary.
- After the Company attains the purposes set forth in the above, personal information of customers will be segregated destroyed after certain storage period depending on the grounds for protection of information pursuant to the internal policy and other relevant acts and regulations (see the retention and use period). Personal information that has been segregated is not used for purposes other than retention unless provided by the act.
- The Company will endeavor to delete personal information in the form of electronic file by the technical method that makes it irrecoverable. Any other personal information printed out in documents will be destroyed by incinerating them or shredding them.
Article 7 (Measure to Ensure the Security of Personal Information)
With respect to the processing of personal information of customers, the Company takes various technical and managerial actions including encryption of personal information, exerting efforts to protect the system from hacking or viruses, and controlling access rights to information for ensuring safety in order to prevent the loss, theft, leakage, alteration or damage of personal information.
Article 8 (Data Protection Officer)
1. The Company designates the following Data Protection Officer responsible for general affairs relating to personal information processing in order to handle customer complaints and damage remedy procedures regarding personal information processing.
- Data Protection Officer
Name: Hye-Kyoung Kim
Title: Representative Director
Contact: 02-3485-6538
- Customer Service Team
Contact: customerservice@burberry.com, 0079844341257
2. Customers may raise any petition regarding personal information protection to the foregoing Data Protection Officer and Customer Service Team.
Article 9 (Request to Access Personal Information)
Customers may make requests to access personal information to the following team pursuant to Article 35 of the PIPA. The Company will exert its best effort to promptly process such request from customers.
- Customer Service Team
- Contact: customerservice@burberry.com, 0079844341257
Article 10 (Method to Remedy Infringement of Rights)
Customers may contact the following agencies for the damage remedy or consultation regarding infringement on personal information.
- Personal Information Infringement Report Center (Operated by the Korea Internet & Security Agency)
- Work scope: Report of personal information infringement and application for consultation
- Website: www.privacy.kisa.or.kr
- Phone number: (No area code) 118
- Address: (58324) Personal Information Infringement Report Center, 3rdFl., (Bitgaram-dong 301-2) 9, Jinheung-gil, Naju-si, Jeollanam-do
- Personal Information Dispute Mediation Committee
- Work scope: Application for personal information dispute mediation and collective dispute mediation (civil resolution)
- Website: www.kopico.go.kr
- Phone number: (No area code) 1833-6972
- Address: (03171) 4thFl., Seoul Government Building, 209, Sejong-daero, Jongno-gu, Seoul
- Cyber Crime Investigation Division of the Supreme Public Prosecutors’ Office: 02-3480-3573 (www.spo.go.kr)
- Cyber Bureau of the National Policy Agency : 182 (https://cyberbureau.police.go.kr)
Article 11 (Amendments to Korea Privacy Policy)
This Korea Privacy Policy shall take effect from August 21, 2019. If the Company makes any amendment to this Korea Privacy Policy, the Company shall inform customers of such amendment pursuant to the relevant statutes including the PIPA by updating the “Last Updated” date at the start of this Korea Privacy Policy.