South Korea Privacy Notice

Last Update: December 3, 2025

If you are located in South Korea, and access our website, subscribe for Starlink services in your personal capacity, or use Starlink services as an authorized user of an organization that subscribes for Starlink services, this South Korea Privacy Notice (this “Notice”) applies to you. Unless otherwise set forth in this Notice, the terms and definitions of the Global Privacy Policy are incorporated herein by reference. In the event of any conflict or inconsistency between the terms stated herein or those described in the Global Privacy Policy, this Notice shall govern and control.

  1. Processing of Personal Information

    When processing your personal information pursuant to a legal basis other than consent, we rely on the following legal bases under the Personal Information Protection Act of South Korea (“PIPA”) for the purposes outlined in Section 3 of our Global Privacy Policy.

    Legal basis Purposes of collection/use Items of personal information
    Necessary to perform a contract with a data subject or to take actions at the request of the data subject in the process of entering into a contract
    • For the specific business purposes related to the goods and services we provide;
    • To process and deliver customer orders;
    • To manage payments, fees and charges;
    • To manage our relationship with customers, such as communicating with them about our goods and services, providing customer service, and notifying them of changes to our terms or privacy policy; and
    • To administer and protect our business and services, including troubleshooting, and performing data analysis, testing, system maintenance, support, reporting and hosting of data;
    • Identity Data such as first name, last name, title
    • Profile Data such as username or similar identifier, account password, details of products and services customers have purchased from us, customer service requests, interests, preferences, feedback and survey responses, and preferences in receiving marketing and non-marketing communications from us
    • Contact Data such as delivery/service address, email address, telephone number
    • Financial Data such as payment card details and billing address
    • Transaction Data such as details about payments to and from you and other details of products and services you have purchased from us
    • Website Technical Data such as Internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and the ways in which you use or interact with our online portal and services
    • Location data (not precise geolocation)
    • Customer Technical Data such as data about throughput delivered to you over time, service connectivity, latency, quality metrics, sky obstruction data, device orientation and location, WiFi quality metrics, WiFi device information, and the public IP address information assigned to a customer over time
    • Communication Information such as audio, electronic, or visual information, any data in any files uploaded, emailed or otherwise provided by you, the contents of your communications with us, whether via e-mail, social media, telephone or otherwise, and inferences we may make from other personal information we collect
    Necessary for the legitimate interests of the data handler, provided that it clearly outweighs the rights of the data subject (this applies only when there is a significant relevance to the legitimate interests of the data handler and does not exceed a reasonable range)
    • To detect, prevent, or otherwise address fraud, security or technical issues, including by monitoring and enforcing compliance with our terms of use, appropriate use policies, and privacy policies; and
    • To defend our interests in the event of a dispute;
    • Identity Data such as first name, last name, title
    • Profile Data such as username or similar identifier, account password, details of products and services customers have purchased from us, customer service requests, interests, preferences, feedback and survey responses, and preferences in receiving marketing and non-marketing communications from us
    • Contact Data such as delivery/service address, email address, telephone number
    • Financial Data such as payment card details and billing address
    • Transaction Data such as details about payments to and from you and other details of products and services you have purchased from us
    • Website Technical Data such as Internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and the ways in which you use or interact with our online portal and services
    • Location data (not precise geolocation)
    • Customer Technical Data such as data about throughput delivered to you over time, service connectivity, latency, quality metrics, sky obstruction data, device orientation and location, WiFi quality metrics, WiFi device information, and the public IP address information assigned to a customer over time
    • Communication Information such as audio, electronic, or visual information, any data in any files uploaded, emailed or otherwise provided by you, the contents of your communications with us, whether via e-mail, social media, telephone or otherwise, and inferences we may make from other personal information we collect

  2. Purpose for Using Personal Information

    Please see Section 3 of our Global Privacy Policy.

  3. Optional Consent

    When you engage with our Services, you may be presented with an option to opt-in to providing your personal information for specific purposes, such as marketing communications via SMS or email. This will occur at the point of data collection, and you may decline or later withdraw consent and still be able to use our Services.

  4. Cross-border Outsourcing of Personal Information to Parent Company

    To provide Services to you, we transfer your personal information to our parent company as described below, which is located on servers in the United States.

    Name of recipients Countries of recipients Items of personal information to be transferred Date and methods of transfer of personal information Purposes of use by recipients of personal information Periods of retention by recipients of personal information Legal basis for cross-border transfer
    Starlink Services LLC (privacy@spacex.com) USA See Section 1 of Global Privacy Policy On submission for storage and processing
    • For the specific business purposes related to the goods and services we provide;
    • To process and deliver customer orders;
    • To manage payments, fees and charges;
    • To manage our relationship with customers, such as communicating with them about our goods and services, providing customer service, and notifying them of changes to our terms or privacy policy; and
    • To administer and protect our business and services, including troubleshooting, and performing data analysis, testing, system maintenance, support, reporting and hosting of data
    		 See Section 8 of Global Privacy Policy Article 28-8(1)(iii) (Outsourcing or storage)

    If you do not want your personal information to be transferred overseas, you can refuse by not agreeing to the cross-border transfer of such personal information, or by requesting us to stop such transfer by contacting privacy@spacex.com, but if you refuse, you may not be able to use our Services.

  5. Cross-border Transfer of Personal Information to Third Parties

    We also transfer personal information to third parties located outside of Korea as specified below.

    Name of recipients Countries of recipients Items of personal information to be transferred Date and methods of transfer of personal information Purposes of use by recipients of personal information Periods of retention by recipients of personal information Legal basis for cross-border transfer
    Starlink Services LLC (privacy@spacex.com) USA See Section 1 of Global Privacy Policy Transmissio-n via network when requested by the recipient
    • To provide goods and services;
    • To process and deliver customer orders;
    • To manage payments, fees and charges;
    • To manage relationships with customers, such as communicating with them about goods and services, and providing customer service;
    • To administer and protect business and services, including troubleshooting, and performing data analysis, testing, system maintenance, support, reporting and hosting of data;
    • To detect, prevent, or otherwise address fraud, security or technical issues; and
    • To defend our interests in the event of a dispute;
    		 Period necessary to fulfill the purposes mentioned on the left unless a longer retention period is required or permitted by law Article 28-8(1)(i) (Consent)
    Google Cloud Platform (googlekrsupport@google.com) USA Identity Data, Profile Data, and Customer Technical Data as outlined in Section 1 of Global Privacy Policy On submission for storage and processing
    • To host starlink.com;
    • To retain Starlink customer data; and
    • To enable payment processors
    		 Period necessary to fulfill the purposes mentioned on the left unless a longer retention period is required or permitted by law Article 28-8(1)(iii) (Outsourci-ng or storage)
    Google Analytics (googlekrsupport@google.com) USA Customer Technical Data as outlined in Section 1 of Global Privacy Policy On submission for storage and processing To understand what may be of interest to a customer Period necessary to fulfill the purposes mentioned on the left unless a longer retention period is required or permitted by law Article 28-8(1)(iii) (Outsourci-ng or storage)
    Microsoft Azure (privacy@microsoft.com) USA Website Technical Data and Customer Technical Data as outlined in Section 1 of Global Privacy Policy On submission for storage and processing To administer and protect our business and services, including troubleshooting, and performing data analysis, testing, system maintenance, support, reporting and hosting of data; Period necessary to fulfill the purposes mentioned on the left unless a longer retention period is required or permitted by law Article 28-8(1)(iii) (Outsourci-ng or storage)
    Adyen (dpo@adyen.com) SG, JP, DE, NL Financial Data as outlined in Section 1 of Global Privacy Policy On submission for storage and processing To manage payments, fees and charges Period necessary to fulfill the purposes mentioned on the left unless a longer retention period is required or permitted by law Article 28-8(1)(iii) (Outsourci-ng or storage)
    dLocal (dpo_usa@dlocal.com) USA Financial Data as outlined in Section 1 of Global Privacy Policy On submission for storage and processing To manage payments, fees and charges Period necessary to fulfill the purposes mentioned on the left unless a longer retention period is required or permitted by law Article 28-8(1)(iii) (Outsourci-ng or storage)
    OneSource (compliance@onesourcevirtual.com) USA Identity Data, Contact Data, and Financial Data as outlined in Section 1 of Global Privacy Policy On submission for storage and processing
    • For the specific business purposes related to the goods and services we provide;
    • To manage payments, fees and charges;
    		 Period necessary to fulfill the purposes mentioned on the left unless a longer retention period is required or permitted by law Article 28-8(1)(iii) (Outsourci-ng or storage)
    OneTrust (DPO@onetrust.com) USA Identity Data, Contact Data, and Customer Technical Data as outlined in Section 1 of Global Privacy Policy On submission for storage and processing For the specific business purposes related to the goods and services we provide; Period necessary to fulfill the purposes mentioned on the left unless a longer retention period is required or permitted by law Article 28-8(1)(iii) (Outsourci-ng or storage)
    SendGrid (privacy@twilio.com) USA Identity Data and Contact Data as outlined in Section 1 of Global Privacy Policy On submission for storage and processing To manage our relationship with customers, such as communicating with them about our goods and services, providing customer service, and notifying them of changes to our terms or privacy policy; Period necessary to fulfill the purposes mentioned on the left unless a longer retention period is required or permitted by law Article 28-8(1)(iii) (Outsourci-ng or storage)
    Twilio (privacy@twilio.com) USA Identity Data and Contact Data as outlined in Section 1 of Global Privacy Policy On submission for storage and processing To manage our relationship with customers, such as communicating with them about our goods and services, providing customer service, and notifying them of changes to our terms or privacy policy; Period necessary to fulfill the purposes mentioned on the left unless a longer retention period is required or permitted by law Article 28-8(1)(iii) (Outsourci-ng or storage)
    Google (googlekrsupport@google.com) USA See Section 1 of Global Privacy Policy On submission for storage and processing To manage our relationship with customers, such as communicating with them about our goods and services, providing customer service, and notifying them of changes to our terms or privacy policy; ~ Period necessary to fulfill the purposes mentioned on the left unless a longer retention period is required or permitted by law Article 28-8(1)(iii) (Outsourci-ng or storage)
    TypeForm (gdpr@typeform.com) USA Identity Data and Contact Data as outlined in Section 1 of Global Privacy Policy On submission for storage and processing To understand what may be of interest to a customer; Period necessary to fulfill the purposes mentioned on the left unless a longer retention period is required or permitted by law Article 28-8(1)(iii) (Outsourci-ng or storage)
    DHL (Privacy.Policy@dhl.com) USA Contact Data as outlined in Section 1 of Global Privacy Policy On submission for storage and processing To process and deliver customer orders Period necessary to fulfill the purposes mentioned on the left unless a longer retention period is required or permitted by law Article 28-8(1)(iii) (Outsourci-ng or storage)
    FedEx (dataprivacy@fedex.com) USA Contact Data as outlined in Section 1 of Global Privacy Policy On submission for storage and processing To process and deliver customer orders Period necessary to fulfill the purposes mentioned on the left unless a longer retention period is required or permitted by law Article 28-8(1)(iii) (Outsourci-ng or storage)
    GoDaddy (privacy@godaddy.com) USA Identity Data and Contact Data as outlined in Section 1 of Global Privacy Policy On submission for storage and processing For the specific business purposes related to the goods and services we provide; Period necessary to fulfill the purposes mentioned on the left unless a longer retention period is required or permitted by law Article 28-8(1)(iii) (Outsourci-ng or storage)
    Hubspot (privacy@hubspot.com) USA Contact data, Identity data, and Communication Information as outlined in Section 1 of Global Privacy Policy On submission for storage and processing To understand what may be of interest to a customer; Period necessary to fulfill the purposes mentioned on the left unless a longer retention period is required or permitted by law. Article 28-8(1)(iii) (Outsourci-ng or storage)
    Microsoft Dynamic 365 (privacy@microsoft.com) USA Identity Data, Contact Data, and Financial Data as outlined in Section 1 of Global Privacy Policy On submission for storage and processing For the specific business purposes related to the goods and services we provide; Period necessary to fulfill the purposes mentioned on the left unless a longer retention period is required or permitted by law Article 28-8(1)(iii) (Outsourci-ng or storage)
    Comply Advantage (dpo@complyadvantage.com) USA Identity Data and Contact Data as outlined in Section 1 of Global Privacy Policy On submission for storage and processing To comply in good faith with applicable laws, legal processes, and lawful government requests Period necessary to fulfill the purposes mentioned on the left unless a longer retention period is required or permitted by law Article 28-8(1)(iii) (Outsourci-ng or storage)
    hCaptcha (privacy@imachines.com) USA Customer Technical Data as outlined in Section 1 of Global Privacy Policy On submission for storage and processing To administer and protect our business and services, including troubleshooting, and performing data analysis, testing, system maintenance, support, reporting and hosting of data; Period necessary to fulfill the purposes mentioned on the left unless a longer retention period is required or permitted by law Article 28-8(1)(iii) (Outsourci-ng or storage)

    If you do not want your personal information to be transferred overseas as above, you can refuse by not agreeing to the cross-border transfer of such personal information, or by requesting us to stop such transfer by contacting privacy@spacex.com. However, if you refuse such cross-border transfers, you may not be able to use our Services.

  6. Procedures and Methods for Destruction of Personal Information

    We will permanently destroy your personal information either when the data retention period expires, when it is no longer necessary to fulfill the purposes for which it was originally included, or upon your request, through the process and methods set forth below.

    We select the relevant personal information to be destroyed and destroy it with the approval of our data protection officer or other appropriate person using industry standard deletion processes, or upon your request as required by law. When data is deleted on Google Cloud’s platform, on which we store personal information, a deletion pipeline is initiated. This process involves:

    • Confirming the deletion request.
    • Logically deleting data in phases, starting with immediate marking for deletion in active storage systems.
    • Isolating data from ordinary processing at the application layer.
    • Overwriting deleted data through successive compaction and mark-and-sweep deletion cycles.
    • Using cryptographic erasure to render deleted data unrecoverable.

    In the normal course of operations, deletion from active systems completes within two months of the deletion request. Data is also removed from Google's long-term backup systems, which retain snapshots of Google systems for up to 6 months (180 days).

  7. Data Subject Rights and How to Exercise Them

    You may exercise the following rights in relation to your personal information, subject to the limitations under the PIPA:

    • Right to access
    • Right to rectification
    • Right to erasure
    • Right to suspension of personal informationprocessing
    • Right to withdraw consent
    • Right to data portability
    • Right to request for explanation or object to the solely automated decision

    Your rights above can also be exercised by the methods described in Section 9 below. Your rights can also be exercised through your legal representative, agent or counsel who has the power and authority to act on your behalf. In this case, you should also submit a document which can prove such power and authority (e.g. signed form of power of attorney in case of an agent or counsel, as prescribed in the Personal Information Processing Method Notice of the Personal Information Protection Commission).

  8. Periods of Retention of Personal Information

    Notwithstanding Section 8 of the Global Privacy Policy, if we are required to retain your personal information in accordance with applicable South Korean laws, such as those listed below, we will do so for the purposes and durations prescribed by those laws:

    • Records of logins and IP addresses used: 3 months (Protection of Communications Secrets Act)
    • Records concerning labels and advertisements: 6 months (Act on the Consumer Protection in Electronic Commerce)
    • Records concerning cancellation of contracts or subscriptions: 5 years (Act on the Consumer Protection in Electronic Commerce)
    • Records relating to payments, provision of goods or services: 5 years (Act on the Consumer Protection in Electronic Commerce)
    • Records concerning consumer complaints or dispute resolution: 3 years (Act on the Consumer Protection in Electronic Commerce)

  9. Contact

    For questions regarding the Korea Notice, please contact us at:

    Email: privacy@spacex.com

    Mailing address: ATTN: Privacy/Legal Space Exploration Technologies Corp. 1 Rocket Road, Hawthorne, CA 90250 Email address: privacy@spacex.com