Privacy Policy

Privacy Policy

JEJU Commercial Brokers | minkorea.com
Effective Date: May 1, 2026
Last Updated: May 1, 2026
Version: 2.0 (Revised — Abu Dhabi HQ)

1. Introduction

JEJU Commercial Brokers ("JEJU," "we," "us," or "our") is a commercial trade brokerage company headquartered in Abu Dhabi, United Arab Emirates, operating the B2B/B2C commercial brokerage platform at jejubrokers.com and the authentic Korean product storefront at minkorea.com (collectively, the "Platform").

We are committed to protecting the personal data of all individuals who interact with our Platform — including Guests, B2C Consumers, B2B Clients, Verified Sellers, and any other users. This Privacy Policy ("Policy") explains what personal data we collect, why we collect it, how we use and protect it, with whom we share it, and what rights you have over your data.

By accessing or using the Platform in any capacity, you acknowledge that you have read and understood this Policy. If you do not agree with any part of this Policy, you must not use the Platform.

This Policy applies to all data processing activities conducted by JEJU in connection with the Platform, regardless of the device or location from which you access it.

2. Data Controller

The data controller responsible for your personal data is:
Legal Name JEJU Commercial Brokers
Headquarters Abu Dhabi, United Arab Emirates
Primary Platform jejubrokers.com
Secondary Platform minkorea.com
Privacy Contact privacy@jejubrokers.com
Legal Contact legal@jejubrokers.com

For all data protection enquiries, requests, and complaints, contact our Privacy team at privacy@jejubrokers.com.

3. Applicable Law

This Policy is designed to comply with the following applicable data protection laws:

  • UAE Personal Data Protection Law (PDPL) — Federal Decree-Law No. 45 of 2021 (primary governing law)

  • UAE Federal Decree-Law No. 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism — data retention obligations for KYC/AML records

  • Korean Personal Information Protection Act (PIPA) (개인정보 보호법) — applicable to personal data of Korean data subjects and Sellers

  • EU General Data Protection Regulation (GDPR) — applicable to personal data of EU/EEA data subjects

  • UK General Data Protection Regulation (UK GDPR) — applicable to personal data of UK data subjects

  • Saudi Arabia Personal Data Protection Law (PDPL) — applicable to personal data of Saudi data subjects

Where multiple laws apply to the same data subject, JEJU applies the most protective standard.

4. Personal Data We Collect

4.1 Data You Provide Directly

Data Category Examples Who Provides It
Identity Data Full name, date of birth, nationality All registered users
Contact Data Email address, phone number, mailing address All registered users
Account Credentials Username, password (hashed — never stored in plaintext) All registered users
Transaction Data Order details, quantities, prices, payment method type B2C Consumers, B2B Clients
Shipping Data Delivery name, address, instructions B2C Consumers
Business Data Company name, business registration number, trade license, VAT number B2B Clients, Verified Sellers
KYC Documents Business registration certificate, representative ID, bank account confirmation Verified Seller applicants
Financial Data Bank account details (for Seller payouts), tokenized payment card data Verified Sellers, B2C Consumers
RFQ & Deal Data Sourcing requirements, budget ranges, product specifications, deal documents B2B Clients
Communications In-platform messages, support tickets, emails to JEJU All users
Content Data Product descriptions, images, blog comments, reviews Verified Sellers, B2C Consumers
Preferences Communication opt-ins, notification settings, language preference All registered users

4.2 Data Collected Automatically

When you access the Platform, we automatically collect the following technical data:

Data Category Examples
Device Data Device type, operating system, browser type and version, screen resolution
Network Data IP address, approximate geographic location (country/city level), ISP
Usage Data Pages visited, time spent on pages, click patterns, search queries, features used
Transaction Metadata Order timestamps, session IDs, cart abandonment data
Cookie Data Session cookies, preference cookies, analytics cookies (see Cookie Policy)
Log Data Server access logs, error logs, security event logs

4.3 Data Received from Third Parties

In limited circumstances, JEJU may receive personal data about you from third parties, including:

  • Payment processors — transaction confirmation and fraud screening results

  • KYC verification partners — identity verification outcomes and document authenticity assessments

  • Sanctions screening providers — results of sanctions list and PEP database screening

  • Social login providers — basic profile data if you choose to register using a social login option (name, email)

  • Korean business registries — publicly available business registration information for Seller verification

5. How We Use Your Personal Data

5.1 Legal Bases for Processing

JEJU processes personal data on the following legal bases under UAE PDPL, GDPR, and equivalent laws:

Legal Basis When We Use It
Consent Marketing communications; non-essential cookies; SMS notifications
Contract Performance Processing orders; managing accounts; delivering brokerage services; Seller onboarding
Legal Obligation KYC/AML compliance; financial record retention; tax reporting; responding to regulatory requests
Legitimate Interest Platform security; fraud prevention; service improvement; B2B marketing to existing clients
Vital Interests Emergency situations affecting user safety

5.2 Specific Processing Purposes

Purpose Data Used Legal Basis
Account registration and management Identity, contact, credential data Contract performance
Processing and fulfilling Orders Transaction, shipping, payment data Contract performance
Brokerage deal facilitation RFQ data, business data, deal documents Contract performance
Seller verification (KYC) KYC documents, business data Legal obligation (AML/CFT)
Seller payout processing Bank account data, transaction data Contract performance
Customer support Communications, identity, transaction data Contract performance; Legitimate interest
Fraud detection and prevention Device, network, usage, transaction data Legitimate interest; Legal obligation
Sanctions and AML screening Identity, KYC, business data Legal obligation
Platform security and abuse prevention Log data, device, network data Legitimate interest
Platform improvement and analytics Anonymized usage data Legitimate interest
Marketing communications Email, name, preference data Consent (B2C); Legitimate interest (B2B)
Compliance with legal obligations Any relevant data category Legal obligation
Enforcing Platform agreements Identity, transaction, communications data Legitimate interest; Contract performance

6. Cookies

JEJU uses cookies and similar tracking technologies on the Platform. Cookies are small text files stored on your device that help us provide and improve the Platform.

6.1 Cookie Categories

Category Purpose Consent Required
Strictly Necessary Essential for Platform operation (session management, security, cart) No — essential service
Functional Remember your preferences (language, currency, login) Yes
Analytics Understand how users interact with the Platform (Google Analytics) Yes
Marketing Deliver relevant advertising and track campaign effectiveness Yes

For full details on the cookies we use, their names, providers, and retention periods, please refer to our Cookie Policy.

You can manage your cookie preferences at any time through the Cookie Preference Centre accessible in the Platform footer.

7. Data Sharing

7.1 Who We Share Data With

JEJU shares personal data only where necessary and with appropriate safeguards in place:

Recipient Category Purpose Legal Basis
Verified Sellers Sharing Buyer shipping address and order details for fulfillment Contract performance
B2B Clients Sharing Supplier profiles and deal information for brokerage facilitation Contract performance
JEJU Brokers Access to RFQ, deal, and Client data to facilitate brokerage engagements Contract performance
Payment Processors Secure payment processing (Stripe, PayPal — Phase 2) Contract performance
KYC Verification Partners Identity and document verification for Seller onboarding Legal obligation; Contract performance
Sanctions Screening Providers Compliance screening against sanctions and PEP lists Legal obligation
Email Service Providers Delivering transactional and marketing communications Legitimate interest; Contract performance
Analytics Providers Platform usage analytics (anonymized/aggregated data only) Legitimate interest; Consent
Legal & Regulatory Authorities Compliance with court orders, regulatory requests, law enforcement Legal obligation
Professional Advisors Legal, accounting, and compliance advice (under confidentiality) Legitimate interest

7.2 What We Never Do

JEJU will never:

  • Sell your personal data to third parties for their own commercial purposes

  • Share your personal data with advertisers for targeting purposes without your explicit consent

  • Disclose Seller KYC documents to other Sellers or Buyers

  • Share Buyer shipping details with parties other than the fulfilling Seller

  • Transfer personal data to countries without adequate data protection without appropriate safeguards

8. International Data Transfers

JEJU operates across the Korea–UAE–Global trade corridor. Personal data may be transferred between the UAE, Republic of Korea, and other jurisdictions where JEJU's service providers operate.

8.1 Transfer Safeguards

All international data transfers are conducted under appropriate safeguards, including:

  • UAE PDPL adequacy determinations — transfers to jurisdictions recognized as providing adequate protection

  • Standard Contractual Clauses (SCCs) — for transfers to jurisdictions without an adequacy determination

  • Data Processing Agreements — binding agreements with all data processors

  • GDPR Chapter V safeguards — for transfers involving EU/EEA data subjects

8.2 Korea–UAE Data Transfers

Personal data transferred between Korea and the UAE is subject to both Korean PIPA and UAE PDPL requirements. JEJU implements appropriate contractual safeguards for all such transfers and applies the more protective standard where the laws differ.

9. Data Retention

JEJU retains personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. Key retention periods include:

Data Category Retention Period
Account data Duration of account + 3 years
Order and transaction records 7 years from transaction date
KYC and AML records 5 years from verification decision (UAE AML/CFT requirement)
Financial and accounting records 7 years from financial year end
Marketing consent records Duration of relationship + 3 years
Security and access logs 12 months rolling

For the complete retention schedule across all data categories, please refer to our Data Retention & Deletion Policy.

10. Data Security

JEJU implements technical and organizational security measures appropriate to the risk level of the personal data processed, including:

  • Encryption in transit — TLS encryption for all data transmitted between users and the Platform

  • Encryption at rest — sensitive data fields encrypted in the database

  • Password hashing — all passwords hashed using bcrypt (12 rounds) — plaintext passwords never stored

  • Role-based access control — Platform data accessible only to authorized staff and users based on their role

  • Two-factor authentication — available for all registered user accounts

  • Regular security testing — periodic vulnerability assessments and penetration testing

  • Incident response plan — documented procedures for detecting, containing, and reporting data breaches

  • Staff training — all JEJU staff with data access receive regular data protection training

  • SPF, DKIM, DMARC — email authentication standards implemented to prevent spoofing and phishing

No security measure is completely foolproof. In the event of a personal data breach, JEJU will notify affected users and relevant authorities in accordance with UAE PDPL and applicable law.

11. Your Rights

11.1 Rights Under UAE PDPL and GDPR

Depending on your location and the applicable law, you have the following rights regarding your personal data:

Right Description
Right of Access Request a copy of the personal data JEJU holds about you
Right to Rectification Request correction of inaccurate or incomplete personal data
Right to Erasure Request deletion of your personal data (subject to legal retention obligations)
Right to Restrict Processing Request that JEJU limits how it uses your data in certain circumstances
Right to Data Portability Receive your personal data in a structured, machine-readable format
Right to Object Object to processing based on legitimate interest, including direct marketing
Right to Withdraw Consent Withdraw consent at any time where consent is the legal basis for processing
Right to Complain Lodge a complaint with the relevant data protection authority

11.2 How to Exercise Your Rights

Submit your data rights request through any of the following:

  • Email: privacy@jejubrokers.com — Subject: "[Right Type] Request — [Your Account Email]"

  • Account Dashboard: Account Settings → Privacy → Data Rights Requests

  • Written Request: JEJU Commercial Brokers, Abu Dhabi, United Arab Emirates

JEJU will respond to all data rights requests within 30 calendar days. Complex requests may be extended to 60 days with prior notification.

11.3 Relevant Data Protection Authorities

Jurisdiction Authority
UAE UAE Data Office (dataoffice.ae)
Korea Personal Information Protection Commission (PIPC) — pipc.go.kr
EU Your local EU supervisory authority (edpb.europa.eu)
UK Information Commissioner's Office (ICO) — ico.org.uk
Saudi Arabia Saudi Data & Artificial Intelligence Authority (SDAIA) — sdaia.gov.sa

12. Children's Privacy

The Platform is intended for users aged 18 and over. JEJU does not knowingly collect personal data from individuals under the age of 18. If JEJU becomes aware that personal data has been collected from a person under 18 without parental consent, it will be deleted promptly. If you believe a minor's data has been submitted to the Platform, contact privacy@jejubrokers.com immediately.

13. Third-Party Links

The Platform may contain links to third-party websites, social media platforms, or external services. JEJU is not responsible for the privacy practices of any third-party website. We encourage you to review the privacy policy of any third-party site you visit through a link on our Platform.

14. Changes to This Policy

JEJU may update this Privacy Policy from time to time to reflect changes in applicable law, our data processing activities, or Platform features. Material changes will be communicated by email and Platform notice with at least 14 days' advance notice before taking effect. The "Last Updated" date at the top of this Policy reflects the most recent revision.

Continued use of the Platform after the effective date of any update constitutes acceptance of the revised Policy. If you do not agree with the updated Policy, you must cease using the Platform and may request account closure and data deletion.

15. Contact

For all privacy and data protection matters:

Purpose Contact
Data Rights Requests privacy@jejubrokers.com
Privacy Enquiries privacy@jejubrokers.com
Legal Matters legal@jejubrokers.com
Security Incidents security@jejubrokers.com
General Support support@jejubrokers.com
Platform jejubrokers.com/privacy

JEJU Commercial Brokers
Headquartered in Abu Dhabi, United Arab Emirates
Operating Platforms: jejubrokers.com | minkorea.com

This Privacy Policy is effective as of May 1, 2026 and supersedes all previous versions.

© 2026 JEJU Commercial Brokers. All rights reserved.

This site uses cookies. By continuing to browse the site, you are agreeing to our use of cookies. Cookie Policy