Ethics Privacy Notice

Coupang Corp. (hereinafter ‘Coupang’) establishes and displays Privacy Notice as below to protect users’ personal information (PI) and to promptly and effectively handle any related grievances in accordance with the 「Personal Information Protection Act」. Should the Privacy Notice be updated, such update, the effective date, and the contents before/after the update are notified on the homepage.

1. Personal Information Collected, Purpose of Collection, and Retention Period

Coupang processes PI for the following purpose(s). Collected PI are not used but for the original purpose(s) of collection. If there is any change to the purpose of use, necessary actions are taken such as obtaining a separate consent under Article 18 of 「Personal Information Protection Act」. Coupang processes·retains PI in accordance with the PI retention period stipulated by applicable laws and within the time period notified to and agreed to by the user when collecting PI.
Coupang collects and uses the minimum necessary PI in order to handle reports on ethics issue. Collected PI will be kept confidential and not be used for purposes other than to handle the reports.
Purpose of Collection Information Collected Period of retention and use
To handle reports on ethics issue filed with the reporter’s name [Optional] Reporter(name, contact info, email), Reported person(name and title) Destroy upon achieving the purpose.
Coupang does not collect or store cookies that are automatically generated in the process of using the service for PI processing.

2. Provision and Consignment of Personal Information

Coupang provides personal information to third parties only within the scope of consent obtained from the user.

Coupang may provide personal information in accordance with the due process of law, for instance, where there are special provisions in applicable laws such as the Personal Information Protection Act, Act On Promotion Of Information And Communications Network Utilization And Information Protection, Protection Of Communications Secrets Act, Telecommunications Business Act, Act On The Consumer Protection In Electronic Commerce, Framework Act On National Taxes, Credit Information Use And Protection Act or Framework Act On Consumers, Framework Act On Consumers, Act On The Prevention Of Suicide And The Creation Of Culture Of Respect For Life, or a warrant or an official document signed by the head of the organization is presented. In particular, Coupang can provide personal information to related authorities without the consent of the user in the event of an emergency such as a disaster, infectious disease, event or accident that causes imminent threat to life or health, or imminent loss of property.

Coupang consigns the processing of personal information to effectively provide services. In accordance with Article 26 of the Personal Information Protection Act, Coupang stipulates the following details in the consignment contract: prohibition of personal information processing for purposes other than to perform consigned tasks, technical and administrative safeguard measures, restrictions on re-consignment, management and oversight of the consignee, and the liability for damages. Coupang also manages and oversees whether the consignee processes personal information in a secure manner.

The information is transferred for the purpose of providing the service. You will not be able to use the service if you refuse the transfer. If you don’t agree to the transfer, please withdraw your membership or contact our customer service center.

Consignee

(Information Management Officer)

Country Date and Method Information
Transferred
Purpose of consignment Period of
retention and use
NAVEX Global, Inc.
(privacy@navex.com)
Germany Transmission via secure network when using the service Name, contact info, email, and title included in the report Operation of dedicated system/channel for ethics issue reporting Destroyed upon termination of consignment contract

3. Use and Provision Without User’s Consent

Should the additional use or provision of personal information continue to happen, we will disclose the criteria for deciding the above and assess whether those criteria are being met.
  • Whether it is relevant to the purpose of the original collection
  • Whether the additional use or provision of personal information is predictable in light of the circumstances where personal information was collected or the practice of personal information processing
  • Whether the interests of the user are unjustly infringed
  • Whether necessary security measures such as pseudonymization or encryption have been taken
Should the additional use or provision of personal information continue to happen, we will disclose the criteria for deciding the above and assess whether those criteria are being met.

4. Procedure for and Methods of Destroying Personal Information

Coupang destroys personal information without delay when the information is rendered unnecessary by the expiration of its retention period or by achieving the purpose of processing. 

The procedure for and methods of destroying personal information are as follows:

  • Procedure of Destruction : Once the purpose of personal information collection and use has been achieved, the information is separately stored and then destroyed after retaining for a certain period of time in obligation with the internal policies and applicable laws
  • Methods of Destruction : Personal information in electronic form is destroyed through means that will make the data irrecoverable, whereas personal information stored in a hard copy format is destroyed using a shredder.
However, if it is required by applicable laws to retain personal information even after the expiration of personal information retention period consented by the user or after achieving the purpose of processing, Coupang separately stores and manages to retain the necessary personal information.
Retained Information Retention period Applicable law(s)
Website and app visit history 3 months Protection Of Communications Secrets Act

5. Rights and Obligations of Users and Legal Representatives and How to Exercise the Rights

A user’s personal information can be viewed, corrected, deleted, withdrawing of consent or suspension of processing by using the following procedure: Personal information that cannot be directly accessed on the service can be accessible by making a request to the Customer Support and Compliant Handling Team specified under “8. Chief Privacy Officer and Customer Support Team.” The progress (or the results) made on the user’s request will be replied within 10 days. A legal representative or a delegated representative must prove his or her legitimate representative status by submitting a power of attorney and a certificate of family relations, etc.

However, withdrawing of consent or deleting or suspending the processing of personal information may be limited in the following cases:

  • Where there are special legal provisions, or it is inevitable to fulfil a legal obligation;
  • Where there is a possibility of causing harm to another person’s life or body or unjustly infringing on another person’s property or interests; or
  • Where the services agreed upon by the user cannot be provided unless personal information is processed and the user has not clearly stated his/her intention to terminate the contract.

6. Personal Information Safeguard Measures

Coupang has technical and administrative safeguard measures in place to ensure that users’ personal information is not stolen, leaked, forged or damaged while processing the information.
  • Technical Safeguards: real-time monitoring and blocking of hacking attempts and data leak, enhanced access control on personal information processing systems, storage of access logs and prevention of their forgery/alteration, at-rest encryption of passwords and critical information, and in-transit encryption of data
  • Administrative Safeguards: Operation of a dedicated privacy team, regular training for personal information handlers, awareness-raising activities for employees, and regular audits for compliance
  • 7. Chief Privacy Officer and Customer Support Team

    Coupang designates a Chief Privacy Officer in charge of personal information protection as below to take responsibility for the processing of personal information, and to handle complaints and damage relief from users related to personal information processing.  

    Category Description
    Privacy team Privacy  Compliance
    Owner team for handling ethics reports Email ethics@coupang.com
  • Personal Information Dispute Mediation Committee : 1833-6972 (www.kopico.go.kr)
  • Personal Information Infringement Report Center : 118 (privacy.kisa.or.kr)
  • Supreme Prosecutor’s Office: 1301 (www.spo.go.kr)
  • Korea National Police Agency : 182 (ecrm.cyber.go.kr)
  • Effective Date: 4. 1. 2024

    Scroll to Top