Coupang Pay Privacy Notice

Coupang Pay Privacy Notice (V.2.8)

1. Personal Information Collected, Purpose of Collection, and Retention Period

2. Provision and Consignment of Personal Information

3. Use and Provision Without User’s Consent

4. Processing of Pseudonymized Information

5. Procedure for and Methods of Destroying Personal Information

6. Rights and Obligations of Users and Legal Representatives and How to Exercise the Rights

7. Personal Information Safeguard Measures

8. Personal Information Protection Department and Complaint Handling Department

Coupang Pay Co., Ltd. (hereinafter referred to as “Coupang Pay”) establishes and publishes its privacy notice as follows to protect users’ personal data in accordance with the 「Personal Information Protection Act」 and to promptly and smoothly handle any distress related to privacy. Whenever there is a change or update to the privacy notice, Coupang Pay will continue to share the fact that the privacy policy has been changed or updated, when the change or update will take effect, and what has been changed or updated on its website.

1. Personal Information Collected, Purpose of Collection, and Retention Period

Coupang Pay processes personal data for the following purposes: The collected personal data will not be used for any purpose other than the original purpose for which it was collected, and if the purpose of use is changed, necessary measures such as obtaining a separate consent in accordance with Article 18 of the 「Personal Information Protection Act」 will be implemented. Coupang Pay processes and retains personal data for the retention period stipulated in applicable laws or/and the period notified and agreed upon when collecting the personal data from the seller. The retention periods of personal data stipulated in applicable laws are stated in “5. Procedure for and Methods of Destroying Personal Information.”

Coupang Pay collects the minimum amount of personal data for users to sign up for membership or use services.

Category	Purpose of Provision		Items to be collected	Period of retention and use
Customer sign-up, customer management and service	Customer sign-up and User Identification (Personal verification)		Coupang ID (email), Coupang customer management number, name, date of birth, gender, mobile phone number, Connecting Information (CI), Duplication Information (DI), nationality (Korean or other citizens), payment password	When you delete your account, the data will be stored for a maximum of 5 years and then destroyed. (If the purpose of using the data is achieved before the end of this period, it will be destroyed within 3 months of achieving the purpose.)
	Prevention of fraudulent use and observance of anti-money laundering requirements	Individuals	Name, Nationality, address (Under enhanced due diligence(EDD)) real name [resident registration number, issuance date of resident registration certificate (Korean citizens), alien registration number, issuance date of alien registration certificate, international driver’s license, passport number, passport issuing country, passport validity (other citizens), resident registration abstract (minors)], occupation or type of business, purpose of transaction, source of funds
		Businesses	Sole proprietorship: Real name (name, date of birth, gender, CI, bank account information), address, contact information Corporation: Representative’s and owner’s name(s), date of birth, gender, nationality (Under enhanced due diligence(EDD)) resident registration number or alien registration number, occupation or type of business, purpose of transaction, source of funds
	Detection and prevention of illegal use/transactions and suspicious financial transactions		Coupang ID (email), Coupang customer management number, name, date of birth, gender, mobile phone number, Connecting Information (CI), Duplication Information (DI), nationality (Korean or other citizens), payment password, Payment information(Payment information (for account registration/transfer): Name, bank name, account number, payment history \| Credit card information (for card registration/payment): card company(type), virtual card number (or masked card number), payment history \| Credit card information for overseas card registration/payment: card company(type), overseas credit card number, expiration date, payment history \| Mobile phone information (for mobile payment): Mobile carrier name, phone number, payment history \| Coupang Cash information (for Coupang Cash payment): History of Coupang Cash reward, usage, and refund, etc. \| Coupay Money information (for Coupay Money usage): History of Coupay Money top-up, usage, refund, etc.), Refund information (Refund account information: Name, bank name, account number, refund history), Transaction details (transaction date, transaction amount, recipient name, recipient phone number, recipient address ), access logs, access IP information, device information (OS type and version)
Wow card service	Wow card service provision, affiliated card issuance, auto-registration into Coupay, affiliated service provision and settlement, customer service		Connecting Information (CI), Card ID, mobile phone number, date of birth, gender, Coupang Cash info (Reward history, rewarded amount, etc.)
Payment processing and Customer consultation	Payment service (payment, cancellation, payment account registration, account holder verification), payment fraud prevention, processing and analysis of refunds		Payment information(Payment information (for account registration/transfer): Name, bank name, account number, payment history \| Credit card information (for card registration/payment): card company(type), virtual card number (or masked card number), payment history \| Credit card information for overseas card registration/payment: card company(type), overseas credit card number, expiration date, payment history \| Mobile phone information (for mobile payment): Mobile carrier name, phone number, payment history \| Coupang Cash information (for Coupang Cash payment): History of Coupang Cash reward, usage, and refund, etc. \| Coupay Money information (for Coupay Money usage): History of Coupay Money top-up, usage, refund, etc.), Refund information (Refund account information: Name, bank name, account number, refund history)

* The end of commerce contract refers to the day when the electronic financial transaction agreement ends between Coupang Pay and the user.
Coupang Pay does not collect and store cookies that are automatically created when using this service for the purpose of processing personal data.

Coupang Pay receives personal data from third parties for the provision of services, affiliation, etc.

Providing Party	Purpose of Provision	Provided Items
Coupang	Provision of Coupang Cash services	ID(email)
(When Coupay services are used for the first time for payment) Coupang Pay payment service sign-up, member identity verification, member information management, confirmation of details of payment authorization and transaction instructions, and customer inquiry response	ID(email), Coupang customer management number
(When Coupay services are used for the first time for payment) Member management	ID (email), Coupang customer management number, information required for identity verification (name, date of birth, gender, mobile phone number, CI, DI, nationality)
(When Coupay services are used for the first time for payment) Detection/prevention of fraudulent use (transactions) and abnormal activities	ID (email), Coupang customer management number, transaction details (transaction date, transaction amount, recipient name, recipient phone number, recipient address), account status
(When conducting identity verification on Coupang) Coupang Pay member confirmation and Coupang Pay member information update	ID (email), Coupang customer management number, information required for identity verification (name, date of birth, gender, mobile phone number, CI, DI, nationality)
(When registering an overseas card on Coupay) Coupang Pay payment service sign-up, customer identity verification, and confirmation of details of payment authorization and transaction instructions	ID (email), Coupang customer management number, order ID
(When registering an overseas card on Coupay) Customer inquiry response	ID (email), Coupang customer management number, order ID, name, phone number
(When registering an overseas card on Coupay) Detection and prevention of fraudulent use (transactions) and abnormal activities	ID (email), Coupang customer management number, phone number, name, date of birth, transaction details (order ID, transaction date, transaction amount, recipient name, recipient phone number, recipient address), access log, access IP information, device information
Confirmation of whether a user is a Coupang member to convert Coupang Cash into partner points	CI
Confirmation of whether a user is a Coupang member to convert partner points into Coupang Cash	Customer management number
Prefilled information when applying for Coupang Wow Card	Customer management number, address
Application of preferential review	Coupang usage history – number of transactions, product category ratio, amount, ratio of payment methods, and number of each method; Coupay Money usage history – number of transactions, ratio, and amount; PayLater service usage history – usage period and amount * All usage history is aggregated and provided based on the total amount used over the last one-year period, and separate usage history is not provided.
Provision of gift card services	Masked name, phone number, member management number, gift ID, exchange code, purchased amount
Shinhan Card	Card registration and management, payment processing, consultation, and complaint handling within Coupang Pay services	(Credit information) Card number
Lotte Card	Card registration and management, payment processing, consultation, and complaint handling within Coupang Pay services	(Credit information) Card ID, card number
Samsung Card	Card registration and management, payment processing, consultation, and complaint handling within Coupang Pay services	(Credit information) Virtual card number, card number
Hyundai Card	Card registration and management, payment processing, consultation, and complaint handling within Coupang Pay services	(Personal information) Member ID (Credit information) Card ID, card number, OTC (virtual card number), card product information
NH Nonghyup Card	Card registration and management, payment processing, consultation, and complaint handling within Coupang Pay services	(Credit transaction information) Card ID, OTC (virtual card number), masked card number
KB Kookmin Card	Card registration and management, payment processing, consultation, and complaint handling within Coupang Pay services	(Personal information) Member ID (Credit information) Card ID (alternative card number), OTC (one-time virtual card number)
Point conversion service	Conversion-related information (Connecting Information (CI), remaining points, converted points, date and time of conversion), Pointree viewing
Affiliate service provision and settlement	Connecting Information (CI), normal/cancellation status, slip acquisition date, authorized date and time, authorization number, authorized amount, merchant number, merchant name, pending points, reward processing date, Coupang sales classification, reward service classification code, credit/debit classification, excess slip status, slip number
Coupay automatic registration (limited to applicants)	Application submission number, card ID
Product and service R&D, provision of product and service information, and recommendation of their use	Connecting Information (CI), credit sale availability classification, termination status and reason
Hana Card	Hana Money point conversion service	Connecting Information (CI), Hana Money balance, statement of exchanged points, transaction history information
Card registration and management, payment processing, consultation, and complaint handling within Coupang Pay services	(Credit information) OTC (virtual card number), card number (some digits only) (1-6, 13-15), card product information (card product name, cardholder classification, card classification, card image URL)
Citi Card	Card registration and management, payment processing, consultation, and complaint handling within Coupang Pay services	(Credit information) Token number, token validity period, card number (7-12 digits masked), card product information (card name, issuer, credit/debit classification, cardholder classification)
Woori Card	Viewing, use, and settlement of Woori WON Honey Money (Moa Points)	CI, Woori WON Honey Money balance, available points, used points, date and time of point use, affiliate transaction serial number
Card registration and management, payment processing, consultation, and complaint handling within Coupang Pay services	(Credit Information) Virtual card number (card ID), card number, one-time authorization code (OTC)
Korea Culture Promotion	Coupang Cash conversion	Encrypted Connection Information(CI)

A Coupang Pay customer may demand the suspension of the processing of personal data or withdraw their consent to the processing of personal data pursuant to Article 37 (Suspension of Processing of Personal Information) of the Personal Information Protection Act.
However, the customer may be restricted from using Coupang Pay services if the processing of their personal data is suspended.

2. Provision and Consignment of Personal Information

Coupang Pay provides personal data for third parties only to the extent data subjects consent to in accordance with Article 17 of the Personal Information Protection Act. However, personal data may be provided to third parties when it is necessary or permitted by special provisions of the law, such as in the case that falls under Article 18 of the Personal Information Protection Act.

Personal data may also be provided to third parties when it is permitted by special provisions of the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Protection Of Communications Secrets Act, the Telecommunications Business Act, the Act on the Consumer Protection in Electronic Commerce, the Framework Act on National Taxes, the Credit Information Use and Protection Act, the Framework Act on Consumers, etc. or when there is a case requested by lawful procedures such as a warrant or a written document sealed by the head of an agency. Coupang Pay may also provide personal data to third parties without data subjects’ consent in case of emergencies, such as natural disasters, pandemics, life-threatening events or accidents, and loss of property.

Recipient	Purpose of Provision	Information provided	Retention and usage period
Credit card companies, including KB Kookmin, BC, Lotte, Samsung, NH Nonghyup, Hyundai, Shinhand, Hana, Woori, Citi	Payment processing, prevention of payment fraud, identification and name verification for registration of easy payment service	Credit card company name(type), date of birth, Connecting Information (CI)	The data will be securely disposed of after being stored in accordance with the credit card issuance contract.
Banks where customers’ bank account is opened, including KB Kookmin, Woori, Shinhan, Industrial of Korea, NH Nonghyup, Kyongnam, Kwangju, Daegu, Busan, Korea Development, Suhyup, National Credit Union Federation of Korea, Korean Federation of Community Credit Cooperatives, Citi, Korea Post, Jeonbuk, Jeju, SC, KEB Hana, Toss, Kakao, K	Payment processing, prevention of payment fraud, identification and name verification for provision of service, checking or redeeming reward points	Bank account(Name, bank name, account number), date of birth	The data will be securely disposed of after being stored in accordance with the bank account issuance contract.
Korea Financial Telecommunications & Clearings Institute	Processing of debit transfer, confirmation of withdrawal agreement, registration of debit transfer, notification of withdrawal	Bank account(Name, bank name, account number), mobile phone number, date of birth, Connecting Information (CI)	The data will be securely disposed of after being stored in accordance with the obligations stipulated by the Korea Financial Telecommunications & Clearings Institute.
KEB Hana Card, Woori Card, KB Kookmin Card, Korea Culture Promotion Inc	Checking or redeeming partner points (point swaps)	Connecting Information (CI), point swap requested amount, Coupang Cash balance	The data will be securely disposed of upon the member’s withdrawal
KB Card	Coupang Wow card issuance and service provision	Connecting Information (CI), address, mobile phone number, payment account, date of birth, gender	The data will be securely disposed of five years after the service term concludes (unless specified otherwise by relevant laws or regulations, in which case, the stipulated period will be followed)
Facilitating the seamless provision of affiliated services through customer statistics and analysis, supporting the research and development of products and services, and guiding and soliciting products and services	Connecting Information (CI), date and time of transaction, authorization number, transaction amount	The data will be securely disposed of five years after the service term concludes (unless specified otherwise by relevant laws or regulations, in which case, the stipulated period will be followed)
KCP	Enabling offline payments through Coupang Pay	Name, IP address, email, mobile phone number of purchaser, UUID, purchase amount, product name and customer identifier	Information associated with a payment method registered in the easy payment service will be retained until the customer opts out of the service. Payment history will be kept for five years.
Coupang Corp.	Identifying payment methods and seamlessly processing payments/orders	Coupang ID (email), bank name, part of the bank account number, Credit card company name(type), virtual card number (or masked card number), whether one-touch payment is activated	The data will be securely disposed of upon the member’s withdrawal.
Updating Coupang customer information	Coupang ID (email), Coupang customer management number, name, date of birth, gender, mobile carrier, mobile phone number, Connecting Information (CI), Duplication Information (DI), nationality (Korean or other citizens), Wow card issuance status	The data will be stored for 90 days after the member’s withdrawal, and then securely disposed of.
Handling of integrated customer service (CS) tasks	Coupang Pay information required for customer consultations (membership details, usage information, Coupang Cash information, etc.)	The data pertains to customer complaints or dispute resolution and will be securely disposed of after being retained for a period of 3 years.

Coupang Pay entrusts the processing of personal data for seamless processing of personal information. When Coupang Pay entrusts the processing of personal data, it explicitly indicates prohibition of personal data processing for the purpose other than entrustment purposes, technical and administrative protection measures, restrictions on re-entrustment, management and supervision of entrusted entity and compensation for damages in a document such as a contract and oversees and supervises the entrusted entity to make sure that it handles personal data in a secure manner.

Entrusted entity	Purpose of entrustment	Re-consignee (Purpose of reconsignment)
Coupang Corp.	System development and operation, service operation, customer service and management	GSNEOTECH (Consultation System Maintenance)
NHN Cloud	Message delivery service	–
KSJOB	Customer Service
Transcosmos Korea	Detection of suspicious financial transactions	–
RCN Partners	Prevention of fraudulent use and anti-money laundering	–
NHN KCP, Nice I&T, Danal, KG Mobilians, Korea Information Communication, NICE Payments, dozn	Authentication of payment methods and processing of payment (bank transfer, credit card, mobile payment, creation and management of virtual account, deposit without bankbook, and other payment methods; verification of account for refund), cash receipt issuance	–
Galaxia Moneytree	Payment Gateway Service	HYOSUNG ITX(Customer Service and Refund response), DAOL Credit Information (Information and collection of unpaid fees for small payments)
Hecto Financial	Payment Gateway Service	Dream Bear (Service-related Complaints), Q Office (Service related complaint handling and service monitoring), SK Broadband (Customer Service Processing System)
Korea Mobile Certification, Korea Credit Bureau, ThinkAT, Inbiznet	Identity verification, ARS authentication for obtaining consent to debit transfer	–
Beomik	AML(Anti-Money Laundering) System development	–
Amazon Web Services	Processing of personal data in cloud infrastructure	–

The following personal information processing tasks have been entrusted to the overseas service provider as below:

Overseas service provider entrusted to provide personal information processing tasks

Service provider	Country	Timing and method	Details	Task objective	Retention and use period
CYBERSOURCE INTERNATIONAL	US	Transmit personal information using a secure network when registering overseas cards for payment service and processing payments	Coupang customer management number, order ID, country, overseas credit card number, expiration date, payment history, name	Processing of overseas card payments	The data will be securely disposed of upon termination of the entrustment agreement.

3. Use and Provision Without User’s Consent

Coupang Pay processes and provides data to the extent that data subjects consent to. In accordance with Article 15 (3) and Article 17 (4) of the Personal Information Protection Act, Coupang Pay uses the criteria stated below to decide whether to use or provide data outside the scope that data subjects agree to.

Relevance to purposes of personal data collection
Whether further use or provision of personal data is foreseeable given the circumstances where personal data is collected or the personal data processing practices
Whether the interests of data subjects are infringed upon
Whether measures to ensure personal data safety, such as pseudonymization or encryption, have been taken
Provides payment information and payment history to institutions that use our payment services to confirm customers’ Coupang Pay payment history

4. Processing of Pseudonymized Information

Coupang Pay may pseudonymize personal data collected in a way that cannot identify individuals if needed for the purpose of statistics, scientific research, record preservation for public purposes, etc.

When Coupang Pay performs or entrusts pseudonymization of data or provide pseudonymized data to a third party, we will announce it through this privacy policy in accordance with Article 28-2 to 28-7 of the 「Personal Information Protection Act」. Coupang Pay will ensure that it pseudonymizes the minimum number of items of information, separate and manage pseudonymized data to avoid reidentification of individuals and take technical, administrative, and physical protection measures needed.

5. Procedure for and Methods of Destroying Personal Information

Coupang Pay destroys personal data without delay when it becomes unnecessary because the retention period has expired or the purpose of personal data processing has been achieved.

The personal data destruction procedures and methods are as follows:

Procedures: Personal data that has met its purpose is separately stored for a certain period of time and then destroyed in accordance with internal policy and applicable laws and regulations.

How: Personal data stored in electronic files is destroyed in a way that it cannot be restored. If it is contained on paper, the paper is shredded.

If it is necessary to store personal data even after the personal data retention period agreed upon by the data subject has expired or the purpose of data processing has been met due to other laws or regulations, the personal data shall be stored and managed separately.

Retained Data	Retention Period	Relevant Statute
Personal credit data	5 years	Credit Information Use and Protection Act
Customer due diligence data	5 years	Act on Reporting and Using Specified Financial Transaction Information
Records of computer communication, internet logs, and access point tracking data	3 months	Protection of Communications Secrets Act
Records on electronic financial transactions	5 years	Electronic Financial Transactions Act
Records of handling consumer complaints or disputes	3 years	Act on Consumer Protection in Electronic Commerce
Records of contractions, subscription withdrawals, payments, supply of goods, etc.	5 years
Records of labeling and advertising	6 months

6. Rights and Obligations of Users and Legal Representatives and How to Exercise the Rights

The personal data of data subjects can be viewed as follows: If there is any personal data that cannot be viewed directly through Coupang Pay’s service or you would like to correct, withdraw your consent, request to delete data or suspend data processing, you can reach out to the department handling relevant matters in “8. Personal Information Protection Department and Complaint Handling Department.” Your request will be answered within 10 days. The legal representative or the authorized representative of a data subject shall submit a power of attorney to prove that they are a legitimate representative.

hidden

How to check your personal data through Coupang Pay’s services

Go to the Coupang website and click
- “My Coupang” > “My Benefits” > “Coupang Cash/Gift Card” > “Coupang Cash accumulation and usage history”
- “My Coupang” > “My Information” > “Payment Method/Coupay Management” > “Coupay Usage History / Coupay Accumulation Benefits”
Open the Coupang mobile app and go to
- “My Coupang” > “Coupang Cash Gift Card Partner Points” > “Coupang Cash accumulation and usage history”
- “My Coupang” > “Payment method/Coupay” > “Coupay money/account/card usage history” / “Coupay Money awaiting topping-up”

However, it may not be possible to withdraw your consent, delete data or suspend data processing.

There are special provisions in the law or when it is unavoidable to fulfill the legal obligations

There is a risk of harming the body or life of another person or unfairly infringing on the property and other interests of another person

The services a customer agree to cannot be provided without processing the customer’s personal data and the customer has not clearly indicated whether to withdraw the agreement

ID and password shall not be transferred or loaned to another person, and Coupang Pay is not responsible for any issues caused by it. If you damage the personal data and dignity of others, you may be subject to punishment according to the “Personal Information Protection Act” and “Information and Communications Network Act.”

7. Personal Information Safeguard Measures

Coupang Pay takes technical, administrative, and physical protection measures to prevent personal information from being lost, stolen, leaked, altered or damaged in processing customers’ personal data.

Technical measures: Real-time monitoring and blocking of hacking attempts and leaks, application of enhanced access control to the personal data processing system, storage of access records and application of forgery prevention, storage of encrypted user passwords and important data, encryption of transmission information
Administrative measures: Operation of a dedicated organization for personal data protection, regular training for personal data controllers, personal data awareness activities for employees, and regular auditing to check compliance status
Physical measures: Installation and operation of systems in areas where external access is controlled and establishment and operation of safe access control procedures

8. Personal Information Protection Department and Complaint Handling Department

Coupang Pay has a Personal Information Protection Department that oversees the processing of personal data and handles customers’ personal data-related complaints and damage reliefs.

Division		Point of contact
Personal Information Protection Department		Fintech Privacy
Department handling personal data-related complaints and concerns	Phone	1577-7011
	Email	help@coupang.com

Personal Information Dispute Mediation Committee 1833-6972 / www.kopico.go.kr
Personal Information Infringement Report Center (without local number) 118 / privacy.kisa.or.kr
Supreme Prosecutors’ Office (without local number) 1301 / www.spo.go.kr
Korea National Police Agency (without local number) 182 / ecrm.police.go.kr

Version: 2.8

Effective date: November 11, 2024

Announcements