Coupang Pay Privacy Notice (V.1.8)

Coupang Pay Co., Ltd. (hereinafter referred to as “Coupang Pay”) establishes and publishes its privacy notice as follows to protect users’ personal data in accordance with the 「Personal Information Protection Act」 and to promptly and smoothly handle any distress related to privacy. Whenever there is a change or update to the privacy notice, Coupang Pay will continue to share the fact that the privacy policy has been changed or updated, when the change or update will take effect, and what has been changed or updated on its website.

1. Personal Information Collected, Purpose of Collection, and Retention Period

Coupang Pay processes personal data for the following purposes: The collected personal data will not be used for any purpose other than the original purpose for which it was collected, and if the purpose of use is changed, necessary measures such as obtaining a separate consent in accordance with Article 18 of the 「Personal Information Protection Act」 will be implemented. Coupang Pay processes and retains personal data for the retention period stipulated in applicable laws or/and the period notified and agreed upon when collecting the personal data from the seller. The retention periods of personal data stipulated in applicable laws are stated in “5. Personal data destruction procedures and methods.”
Coupang Pay collects the minimum amount of personal data for users to sign up for membership or use services.
Category Purpose of Provision Items to be collected Period of retention and use
Customer sign-up, customer management and service Customer sign-up and personal verification Coupang ID (email), name, date of birth, gender, mobile phone number, CI, DI, nationality (Korean or other citizens), payment password When you delete your account, the data will be stored for 90 days and then destroyed.
Prevention of fraudulent use and observance of anti-money laundering requirements Individuals Name, Nationality, address (Under enhanced due diligence(EDD)) real name [resident registration number, issuance date of resident registration certificate (Korean citizens), alien registration number, issuance date of alien registration certificate, international driver’s license, passport number, passport issuing country, passport validity (other citizens), resident registration abstract (minors)], occupation or type of business, purpose of transaction, source of funds
Businesses Sole proprietorship: Real name (name, date of birth, gender, CI, bank account information), address, contact information Corporation: Representative’s and owner’s name(s), date of birth, gender, nationality (Under enhanced due diligence(EDD)) resident registration number or alien registration number, occupation or type of business, purpose of transaction, source of funds
Detention of suspicious financial transactions Transaction details (transaction date, transaction amount), IP address, device information (OS type and version) When you delete your Coupang or Coupang Pay account, the date will be stored for six (6) months and then destroyed.
Payment and refund Payment service (payment, cancellation, payment account registration, account holder verification), payment fraud prevention, processing and analysis of refunds Bank account for payment (name, bank name, account number), credit card information (company name, virtual card number or masked card number), mobile phone information (carrier, number), bank account for refund (name, bank name, account number), bank account for settlement (name, bank name, account number) When the commercial contract ends, the data will be stored for five (5) years and then destroyed.
*  The end of commerce contract refers to the day when the electronic financial transaction agreement ends between Coupang Pay and the user.
Coupang Pay does not collect and store cookies that are automatically created when using this service for the purpose of processing personal data.

2. Provision and Consignment of Personal Information

Coupang Pay provides personal data for third parties only to the extent data subjects consent to in accordance with Article 17 of the Personal Information Protection Act. However, personal data may be provided to third parties when it is necessary or permitted by special provisions of the law, such as in the case that falls under Article 18 of the Personal Information Protection Act.
Personal data may also be provided to third parties when it is permitted by special provisions of the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Protection Of Communications Secrets Act, the Telecommunications Business Act, the Act on the Consumer Protection in Electronic Commerce, the Framework Act on National Taxes, the Credit Information Use and Protection Act, the Framework Act on Consumers, etc. or when there is a case requested by lawful procedures such as a warrant or a written document sealed by the head of an agency. Coupang Pay may also provide personal data to third parties without data subjects’ consent in case of emergencies, such as natural disasters, pandemics, life-threatening events or accidents, and loss of property.
The provision of personal information to third parties
Coupang Pay entrusts the processing of personal data for seamless processing of personal information. When Coupang Pay entrusts the processing of personal data, it explicitly indicates prohibition of personal data processing for the purpose other than entrustment purposes, technical and administrative protection measures, restrictions on re-entrustment, management and supervision of entrusted entity and compensation for damages in a document such as a contract and oversees and supervises the entrusted entity to make sure that it handles personal data in a secure manner.
Entrusted entityPurpose of entrustment
Coupang Corp.System development and operation, service operation, customer service and management
NHN KCP, Nice I&T, Danal, KG Mobilians, Korea Information Communication, Galaxia Moneytree, Hecto Financial, NICE Payments, doznAuthentication of payment methods and processing of payment (bank transfer, credit card, mobile payment, creation and management of virtual account, deposit without bankbook, and other payment methods; verification of account for refund), cash receipt issuance
Korea Mobile Certification, Korea Credit Bureau, ThinkAT, InbiznetIdentity verification, ARS authentication for obtaining consent to debit transfer
Amazon Web ServicesProcessing of personal data in cloud infrastructure

3. Use and Provision Without User’s Consent

Coupang Pay processes and provides data to the extent that data subjects consent to. In accordance with Article 15 (3) and Article 17 (4) of the Personal Information Protection Act, Coupang Pay uses the criteria stated below to decide whether to use or provide data outside the scope that data subjects agree to.
  • Relevance to purposes of personal data collection
  • Whether further use or provision of personal data is foreseeable given the circumstances where personal data is collected or the personal data processing practices;
  • Whether the interests of data subjects are infringed upon;
  • Whether measures to ensure personal data safety, such as pseudonymization or encryption, have been taken
  • 4. Processing of Pseudonymized Information

    Coupang Pay may pseudonymize personal data collected in a way that cannot identify individuals if needed for the purpose of statistics, scientific research, record preservation for public purposes, etc.
    When Coupang Pay performs or entrusts pseudonymization of data or provide pseudonymized data to a third party, we will announce it through this privacy policy in accordance with Article 28-2 to 28-7 of the 「Personal Information Protection Act」. Coupang Pay will ensure that it pseudonymizes the minimum number of items of information, separate and manage pseudonymized data to avoid reidentification of individuals and take technical and administrative protection measures needed.

    5. Procedure for and Methods of Destroying Personal Information

    Coupang Pay destroys personal data without delay when it becomes unnecessary because the retention period has expired or the purpose of personal data processing has been achieved. According to the “Personal Data Validity Rule,” Coupang Pay separately stores or deletes the personal data of data subjects who have not used its services for one year.
    The personal data destruction procedures and methods are as follows:
  • Procedures: Personal data that has met its purpose is separately stored for a certain period of time and then destroyed in accordance with internal policy and applicable laws and regulations.
  • How: Personal data stored in electronic files is destroyed in a way that it cannot be restored. If it is contained on paper, the paper is shredded.
  • If it is necessary to store personal data even after the personal data retention period agreed upon by the data subject has expired or the purpose of data processing has been met due to other laws or regulations, the personal data shall be stored and managed separately.
    Retained Data Retention Period Relevant Statute
    Personal credit data
    5 years
    Credit Information Use and Protection Act
    Customer due diligence data
    5 years
    Act on Reporting and Using Specified Financial Transaction Information
    Records of computer communication, internet logs, and access point tracking data
    3 months
    Protection of Communications Secrets Act
    Records on electronic financial transactions
    5 years
    Electronic Financial Transactions Act
    Records of handling consumer complaints or disputes
    3 years
    Act on Consumer Protection in Electronic Commerce
    Records of contractions, subscription withdrawals, payments, supply of goods, etc.
    5 years
    Records of labeling and advertising
    6 months

    6. Rights and Obligations of Users and Legal Representatives and How to Exercise the Rights

    The personal data of data subjects can be viewed as follows: If there is any personal data that cannot be viewed directly through Coupang Pay’s service or you would like to correct, withdraw your consent, request to delete data or suspend data processing,  you can reach out to the department handling relevant matters in “9. Chief Privacy Offier and department handling personal data-related complaints.” Your request will be answered within 10 days. The legal representative or the authorized representative of a data subject shall submit a power of attorney to prove that they are a legitimate representative.
    1. Go to the Coupang website and click
      • “My Coupang” > “My Benefits” > “Coupang Cash/Gift Card” > “Coupang Cash accumulation and usage history”
      • “My Coupang” > “My Information” > “Payment Method/Coupay Management” > “Coupay Usage History / Coupay Accumulation Benefits”
    2. Open the Coupang mobile app and go to
      • “My Coupang” > “Coupang Cash Gift Card Partner Points” > “Coupang Cash accumulation and usage history”
      • “Payment method/Coupay” > “Coupang Cash accumulation and usage history” > “Coupay money/account/card usage history”
    However, it may not be possible to withdraw your consent, delete data or suspend data processing.
  • There are special provisions in the law or when it is unavoidable to fulfill the legal obligations
  • There is a risk of harming the body or life of another person or unfairly infringing on the property and other interests of another person
  • The services a customer agree to cannot be provided without processing the customer’s personal data and the customer has not clearly indicated whether to withdraw the agreement
  • ID and password shall not be transferred or loaned to another person, and Coupang Pay is not responsible for any issues caused by it. If you damage the personal data and dignity of others, you may be subject to punishment according to the “Personal Information Protection Act” and “Information and Communications Network Act.”

    7. Personal Information Safeguard Measures

    Coupang Pay takes technical and administrative protection measures to prevent personal information from being lost, stolen, leaked, altered or damaged in processing customers’ personal data.
  • Technical measures: Real-time monitoring and blocking of hacking attempts and leaks, application of enhanced access control to the personal data processing system, storage of access records and application of forgery prevention, storage of encrypted user passwords and important data, encryption of transmission information
  • Administrative measures: Operation of a dedicated organization for personal data protection, regular training for personal data controllers, personal data awareness activities for employees, and regular auditing to check compliance status
  • 8. Chief Privacy Officer and Inquiry Response Team

    Coupang Pay has a Chief Privacy Officer who oversees the processing of personal data and handles customers’ personal data-related complaints and damage reliefs.
    Division Point of contact
    Chief Privacy Officer(CPO)
    Wanseok Seo
    Personal Data Protection Department
    Data Governance
    Department handling personal data-related complaints and concerns
  • Personal Information Infringement Report Center (without local number) 118 /
  • Personal Information Dispute Mediation Committee 1833-6972 /
  • Supreme Prosecutors’ Office, Cyber Investigation Division (without local number) 1301 /
  • Korea National Police Agency, Cyber Bureau (without local number) 182 /
  • Version: 1.8

    Effective date: 2022.09.16

    Scroll to Top