Coupang Pay Privacy Notice (V.2.5)
Coupang Pay Co., Ltd. (hereinafter referred to as “Coupang Pay”) establishes and publishes its privacy notice as follows to protect users’ personal data in accordance with the 「Personal Information Protection Act」 and to promptly and smoothly handle any distress related to privacy. Whenever there is a change or update to the privacy notice, Coupang Pay will continue to share the fact that the privacy policy has been changed or updated, when the change or update will take effect, and what has been changed or updated on its website.
1. Personal Information Collected, Purpose of Collection, and Retention Period
Coupang Pay processes personal data for the following purposes: The collected personal data will not be used for any purpose other than the original purpose for which it was collected, and if the purpose of use is changed, necessary measures such as obtaining a separate consent in accordance with Article 18 of the 「Personal Information Protection Act」 will be implemented. Coupang Pay processes and retains personal data for the retention period stipulated in applicable laws or/and the period notified and agreed upon when collecting the personal data from the seller. The retention periods of personal data stipulated in applicable laws are stated in “5. Personal data destruction procedures and methods.”
Coupang Pay collects the minimum amount of personal data for users to sign up for membership or use services.
| Category | Purpose of Provision | Items to be collected | Period of retention and use | |
|---|---|---|---|---|
| Customer sign-up, customer management and service | Customer sign-up and User Identification (Personal verification) | Coupang ID (email), Coupang customer management number, name, date of birth, gender, mobile phone number, Connecting Information (CI), Duplication Information (DI), nationality (Korean or other citizens), payment password | When you delete your account, the data will be stored for a maximum of 5 years and then destroyed. (If the purpose of using the data is achieved before the end of this period, it will be destroyed within 3 months of achieving the purpose.) | |
| Prevention of fraudulent use and observance of anti-money laundering requirements | Individuals | Name, Nationality, address (Under enhanced due diligence(EDD)) real name [resident registration number, issuance date of resident registration certificate (Korean citizens), alien registration number, issuance date of alien registration certificate, international driver’s license, passport number, passport issuing country, passport validity (other citizens), resident registration abstract (minors)], occupation or type of business, purpose of transaction, source of funds | ||
| Businesses | Sole proprietorship: Real name (name, date of birth, gender, CI, bank account information), address, contact information Corporation: Representative’s and owner’s name(s), date of birth, gender, nationality (Under enhanced due diligence(EDD)) resident registration number or alien registration number, occupation or type of business, purpose of transaction, source of funds | |||
| Detection and prevention of illegal use/transactions and suspicious financial transactions | Coupang ID (email), Coupang customer management number, name, date of birth, gender, mobile phone number, Connecting Information (CI), Duplication Information (DI), nationality (Korean or other citizens), payment password, Payment information(Payment information (for account registration/transfer): Name, bank name, account number, payment history | Credit card information (for card registration/payment): card company(type), virtual card number (or masked card number), payment history | Credit card information for overseas card registration/payment: card company(type), overseas credit card number, expiration date, payment history | Mobile phone information (for mobile payment): Mobile carrier name, phone number, payment history | Coupang Cash information (for Coupang Cash payment): History of Coupang Cash reward, usage, and refund, etc. | Coupay Money information (for Coupay Money usage): History of Coupay Money top-up, usage, refund, etc.), Refund information (Refund account information: Name, bank name, account number, refund history), Transaction details (transaction date, transaction amount, recipient name, recipient phone number, recipient address ), access logs, access IP information, device information (OS type and version) | |||
| Wow card service | Wow card service provision, affiliated card issuance, auto-registration into Coupay, affiliated service provision and settlement, customer service | Connecting Information (CI), Card ID, mobile phone number, date of birth, gender, Coupang Cash info (Reward history, rewarded amount, etc.) | ||
| Payment processing and Customer consultation | Payment service (payment, cancellation, payment account registration, account holder verification), payment fraud prevention, processing and analysis of refunds | Payment information(Payment information (for account registration/transfer): Name, bank name, account number, payment history | Credit card information (for card registration/payment): card company(type), virtual card number (or masked card number), payment history | Credit card information for overseas card registration/payment: card company(type), overseas credit card number, expiration date, payment history | Mobile phone information (for mobile payment): Mobile carrier name, phone number, payment history | Coupang Cash information (for Coupang Cash payment): History of Coupang Cash reward, usage, and refund, etc. | Coupay Money information (for Coupay Money usage): History of Coupay Money top-up, usage, refund, etc.), Refund information (Refund account information: Name, bank name, account number, refund history) | ||
* The end of commerce contract refers to the day when the electronic financial transaction agreement ends between Coupang Pay and the user.
Coupang Pay does not collect and store cookies that are automatically created when using this service for the purpose of processing personal data.
2. Provision and Consignment of Personal Information
Coupang Pay provides personal data for third parties only to the extent data subjects consent to in accordance with Article 17 of the Personal Information Protection Act. However, personal data may be provided to third parties when it is necessary or permitted by special provisions of the law, such as in the case that falls under Article 18 of the Personal Information Protection Act.
Personal data may also be provided to third parties when it is permitted by special provisions of the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, the Protection Of Communications Secrets Act, the Telecommunications Business Act, the Act on the Consumer Protection in Electronic Commerce, the Framework Act on National Taxes, the Credit Information Use and Protection Act, the Framework Act on Consumers, etc. or when there is a case requested by lawful procedures such as a warrant or a written document sealed by the head of an agency. Coupang Pay may also provide personal data to third parties without data subjects’ consent in case of emergencies, such as natural disasters, pandemics, life-threatening events or accidents, and loss of property.
The provision of personal information to third parties
Coupang Pay entrusts the processing of personal data for seamless processing of personal information. When Coupang Pay entrusts the processing of personal data, it explicitly indicates prohibition of personal data processing for the purpose other than entrustment purposes, technical and administrative protection measures, restrictions on re-entrustment, management and supervision of entrusted entity and compensation for damages in a document such as a contract and oversees and supervises the entrusted entity to make sure that it handles personal data in a secure manner.
| Entrusted entity | Purpose of entrustment | Re-consignee (Purpose of reconsignment) |
|---|---|---|
| Coupang Corp. | System development and operation, service operation, customer service and management | GSNEOTECH (Consultation System Maintenance), KBSJOB(Customer Service) |
| NHN Cloud | Message delivery service | |
| Transcosmos Korea | Detection of suspicious financial transactions | |
| RCN Partners | Prevention of fraudulent use and anti-money laundering | |
| NHN KCP, Nice I&T, Danal, KG Mobilians, Korea Information Communication, NICE Payments, dozn | Authentication of payment methods and processing of payment (bank transfer, credit card, mobile payment, creation and management of virtual account, deposit without bankbook, and other payment methods; verification of account for refund), cash receipt issuance | |
| Galaxia Moneytree | Payment Gateway Service | HYOSUNG ITX(Customer Service and Refund response), DAOL Credit Information (Information and collection of unpaid fees for small payments) |
| Hecto Financial | Payment Gateway Service | Dream Bear (Service-related Complaints), Q Office (Service related complaint handling and service monitoring), SK Broadband (Customer Service Processing System) |
| Korea Mobile Certification, Korea Credit Bureau, ThinkAT, Inbiznet | Identity verification, ARS authentication for obtaining consent to debit transfer | |
| Beomik | AML(Anti-Money Laundering) System development | |
| Amazon Web Services | Processing of personal data in cloud infrastructure |
The following personal information processing tasks have been entrusted to the overseas service provider as below:
Overseas service provider entrusted to provide personal information processing tasks
| Service provider | Country | Timing and method | Details | Task objective | Retention and use period |
|---|---|---|---|---|---|
| CYBERSOURCE INTERNATIONAL | US | Transmit personal information using a secure network when registering overseas cards for payment service and processing payments | Coupang customer management number, order ID, country, telephone number, overseas credit card number, expiration date, payment history | Processing of overseas card payments | The data will be securely disposed of upon termination of the entrustment agreement. |
3. Use and Provision Without User’s Consent
Coupang Pay processes and provides data to the extent that data subjects consent to. In accordance with Article 15 (3) and Article 17 (4) of the Personal Information Protection Act, Coupang Pay uses the criteria stated below to decide whether to use or provide data outside the scope that data subjects agree to.
4. Processing of Pseudonymized Information
Coupang Pay may pseudonymize personal data collected in a way that cannot identify individuals if needed for the purpose of statistics, scientific research, record preservation for public purposes, etc.
When Coupang Pay performs or entrusts pseudonymization of data or provide pseudonymized data to a third party, we will announce it through this privacy policy in accordance with Article 28-2 to 28-7 of the 「Personal Information Protection Act」. Coupang Pay will ensure that it pseudonymizes the minimum number of items of information, separate and manage pseudonymized data to avoid reidentification of individuals and take technical and administrative protection measures needed.
5. Procedure for and Methods of Destroying Personal Information
Coupang Pay destroys personal data without delay when it becomes unnecessary because the retention period has expired or the purpose of personal data processing has been achieved.
The personal data destruction procedures and methods are as follows:
Procedures: Personal data that has met its purpose is separately stored for a certain period of time and then destroyed in accordance with internal policy and applicable laws and regulations.
How: Personal data stored in electronic files is destroyed in a way that it cannot be restored. If it is contained on paper, the paper is shredded.
If it is necessary to store personal data even after the personal data retention period agreed upon by the data subject has expired or the purpose of data processing has been met due to other laws or regulations, the personal data shall be stored and managed separately.
| Retained Data | Retention Period | Relevant Statute |
|---|---|---|
| Personal credit data | 5 years | Credit Information Use and Protection Act |
| Customer due diligence data | 5 years | Act on Reporting and Using Specified Financial Transaction Information |
| Records of computer communication, internet logs, and access point tracking data | 3 months | Protection of Communications Secrets Act |
| Records on electronic financial transactions | 5 years | Electronic Financial Transactions Act |
| Records of handling consumer complaints or disputes | 3 years | Act on Consumer Protection in Electronic Commerce |
| Records of contractions, subscription withdrawals, payments, supply of goods, etc. | 5 years | |
| Records of labeling and advertising | 6 months |
6. Rights and Obligations of Users and Legal Representatives and How to Exercise the Rights
The personal data of data subjects can be viewed as follows: If there is any personal data that cannot be viewed directly through Coupang Pay’s service or you would like to correct, withdraw your consent, request to delete data or suspend data processing, you can reach out to the department handling relevant matters in “9. Chief Privacy Offier and department handling personal data-related complaints.” Your request will be answered within 10 days. The legal representative or the authorized representative of a data subject shall submit a power of attorney to prove that they are a legitimate representative.
- Go to the Coupang website and click
- “My Coupang” > “My Benefits” > “Coupang Cash/Gift Card” > “Coupang Cash accumulation and usage history”
- “My Coupang” > “My Information” > “Payment Method/Coupay Management” > “Coupay Usage History / Coupay Accumulation Benefits”
- Open the Coupang mobile app and go to
- “My Coupang” > “Coupang Cash Gift Card Partner Points” > “Coupang Cash accumulation and usage history”
- “My Coupang” > “Payment method/Coupay” > “Coupay money/account/card usage history” / “Coupay Money awaiting topping-up”
However, it may not be possible to withdraw your consent, delete data or suspend data processing.
There are special provisions in the law or when it is unavoidable to fulfill the legal obligations
There is a risk of harming the body or life of another person or unfairly infringing on the property and other interests of another person
The services a customer agree to cannot be provided without processing the customer’s personal data and the customer has not clearly indicated whether to withdraw the agreement
ID and password shall not be transferred or loaned to another person, and Coupang Pay is not responsible for any issues caused by it. If you damage the personal data and dignity of others, you may be subject to punishment according to the “Personal Information Protection Act” and “Information and Communications Network Act.”
7. Personal Information Safeguard Measures
Coupang Pay takes technical and administrative protection measures to prevent personal information from being lost, stolen, leaked, altered or damaged in processing customers’ personal data.
8. Chief Privacy Officer and Inquiry Response Team
Coupang Pay has a Chief Privacy Officer who oversees the processing of personal data and handles customers’ personal data-related complaints and damage reliefs.
| Division | Point of contact | |
|---|---|---|
| Chief Privacy Officer(CPO) | Wanseok Seo | |
| Personal Data Protection Department | Fintech Security | |
| Department handling personal data-related complaints and concerns | Phone | 1577-7011 |
| help@coupang.com | ||
- Personal Information Dispute Mediation Committee 1833-6972 / www.kopico.go.kr
- Personal Information Infringement Report Center (without local number) 118 / privacy.kisa.or.kr
- Supreme Prosecutors’ Office (without local number) 1301 / www.spo.go.kr
- Korea National Police Agency (without local number) 182 / ecrm.police.go.kr
Version: 2.5.
Effective date: 2024.04.12.