Ethics Privacy Notice

Announcements

Ethics Privacy Notice

1. Personal Information Collected, Purpose of Collection, and Retention Period
2. Provision and Consignment of Personal Information
3. Use and Provision Without User’s Consent
4. Procedure for and Methods of Destroying Personal Information
5. Rights and Obligations of Users and Legal Representatives and How to Exercise the Rights
6. Personal Information Safeguard Measures
7. Chief Privacy Officer and Customer Support Team
Coupang Inc. (hereinafter “Coupang”) establishes and discloses the Privacy Notice as below to protect users’ personal information (PI) and to promptly and effectively handle any related grievances in accordance with applicable privacy laws. Should the Privacy Notice be updated, such update, the effective date, and the content before/after the update will be notified on the website.

1. Personal Information Collected, Purpose of Collection, and Retention Period

Coupang does not use the collected PI for any other purposes than the original purpose of collection. If there is any change to the purpose of use, necessary actions will be taken, such as obtaining a separate consent as needed under applicable privacy laws. Coupang processes and retains PI in accordance with the PI retention period stipulated by applicable laws and within the time period notified of and agreed to by users at the time of PI collection. The PI retention period stipulated by applicable laws is the same as set forth in “4. Procedure for and Methods of Destroying Personal Information”.

Coupang collects and uses the minimum necessary PI in order to handle reports on ethics issues. Collected PI will be kept confidential and will not be used for purposes other than to handle the reports.

Purpose of Collection Information Collected Period of retention and use
To process ethics reports submitted under the reporter’s name Name, contact number, and email, and other personal information comprised in the reporting. Destroy after five (5) years of retention following the complete processing of reports
Coupang does not collect or store cookies that are automatically generated in the process of using the service for PI processing.

2. Provision and Consignment of Personal Information

Coupang provides personal information to a third party only within the cope of consent obtained from users in advance.
Status of the provision of personal information to third parties
However, Coupang may provide personal information in accordance with the due process of law, for instance, where there are special provisions in applicable laws such as in Korea, the Personal Information Protection Act, the Act on Promotion of Information and Communications Network and Protection of Information, the Communications Secrets Protection Act, the Telecommunications Business Act, the Act on Consumer Protection in Electronic Commerce, the Framework Act on National Taxes, the Credit Information Use and Protection Act, the Framework Act on Consumers, and the Act on the Prevention of Suicide and the Creation of Culture of Respect for Life. In particular, Coupang can provide personal information to the relevant authorities without users’ consent in the event of an emergency such as a disaster, infectious disease, event or accident that causes an imminent threat to life or health, or imminent loss of property.

Coupang consigns the processing of personal information to ensure the effective provision of services. In accordance with applicable privacy law requirements, Coupang stipulates the following details in a consignment agreement: prohibition of processing of personal information for any other purposes than the performance of consigned duties, technical and administrative safeguard measures, restrictions on re-consignment, management and oversight of consignees, and liability for damages. Coupang also manages and oversees whether consignees process personal information in a secure manner.

Since the transfer of personal information is for the purpose of provision of services, you will not be able to use these services if you don’t agree to the transfer.

Consignee

(Information Management Officer)

 Country Date and Method Information Transferred Purpose of consignment Period of retention and use
NAVEX Global, Inc.
(privacy@navex.com)		 Germany Transmission via secure network during the use of services Name, contact info, and email Operation of a dedicated system/channel specialized for ethics reporting Destroy at the termination of the consignment agreement

3. Use and Provision Without User’s Consent

Coupang uses and provides personal information only within the scope of consent obtained from users. However, according to applicable privacy law requirements, Coupang may additionally use and provide personal information without the consent of users. In this case, Coupang will consider the following points for the additional use and provision of personal information without the consent of the data subject.

  • Whether it is relevant to the purpose of the original collection
  • Whether the additional use or provision of personal information is predictable in light of the circumstances where personal information was collected or the practice of personal information processing
  • Whether the interests of users are unjustly infringed
  • Whether necessary security measures such as pseudonymization or encryption have been taken
Should the additional use or provision of personal information continue to happen, we will disclose the criteria for deciding the above and assess whether those criteria are being met.

4. Procedure for and Methods of Destroying Personal Information

Coupang destroys personal information without delay when the information is rendered unnecessary by the expiration of its retention period or by achieving the purpose of processing. 

The procedure for and methods of destroying personal information are as follows:

  • Procedure of Destruction : Once the purpose of personal information collection and use has been achieved, the information is separately stored and then destroyed after retaining for a certain period of time in obligation with the internal policies and applicable laws
  • Methods of Destruction : Personal information in electronic form is destroyed through means that will make the data irrecoverable, whereas personal information stored in a hard copy format is destroyed using a shredder.
However, if it is required by applicable laws to retain personal information even after the expiration of personal information retention period consented by users or after achieving the purpose of processing, Coupang separately stores and manages the necessary personal information.
Retained Information Retention period Applicable law(s)
Website and app visit history 3 months Korea Protection Of Communications Secrets Act

5. Rights and Obligations of Users and Legal Representatives and How to Exercise the Rights

A user and his or her legal representative may make a request for accessing, correcting and deleting the user’s personal information, withdrawal of consent and suspension of processing through the Customer Support Team specified under “7. Chief Privacy Officer and Customer Support Team.” The progress (or the results) made on the user’s request will be shared within 10 days from the request. A legal representative or a delegated representative must prove his or her legitimate representative status by submitting a power of attorney, a certificate of family relations, etc.

However, withdrawing of consent or deleting or suspending the processing of personal information may be restricted in the following cases:

  • Where there are special legal provisions, or such restriction is unavoidable to fulfill legal obligations;
  • Where there is a possibility of causing harm to the data subject’s interests; or
  • Where there are other legitimate reasons(ex. Where the services agreed upon by the user cannot be provided unless personal information is processed and the user has not clearly stated his/her intention to terminate the contract.)

6. Personal Information Safeguard Measures

Coupang has technical and administrative safeguard measures in place to ensure that users’ personal information is not stolen, leaked, forged or damaged while processing the information.
  • Technical Safeguards: real-time monitoring and blocking of hacking attempts and data leak, enhanced access control on personal information processing systems, storage of access logs and prevention of their forgery/alteration, at-rest encryption of passwords and critical information, and in-transit encryption of data
  • Administrative Safeguards: Operation of a dedicated privacy team, regular training for personal information handlers, awareness-raising activities for employees, and regular audits for compliance

    • 7. Chief Privacy Officer and Customer Support Team

    Coupang designates a Chief Privacy Officer in charge of personal information protection as below to take responsibility for the processing of personal information, and to handle complaints and damage relief from users related to personal information processing.

    Category Description
    Privacy team Global Privacy
    Owner team for handling ethics reports Email ethics@coupanginc.com
  • Personal Information Dispute Mediation Committee : 1833-6972 (www.kopico.go.kr)
  • Personal Information Infringement Report Center : 118 (privacy.kisa.or.kr)
  • Supreme Prosecutor’s Office: 1301 (www.spo.go.kr)
  • Korea National Police Agency : 182 (ecrm.cyber.go.kr)

    • Effective Date: 7. 15. 2025

    Scroll to Top