Ethics Privacy Notice (V.2.0)
Coupang Corp. (hereinafter 'Coupang') establishes and displays Privacy Notice as below to protect users' personal information (PI) and to promptly and effectively handle any related grievances in accordance with the 「Personal Information Protection Act」. Should the Privacy Notice be updated, such update, the effective date, and the contents before/after the update are notified on the homepage.
1. Collected Personal Information Items, Purpose and Retention Period
Coupang processes PI for the following purpose(s). Collected PI are not used but for the original purpose(s) of collection. If there is any change to the purpose of use, necessary actions are taken such as obtaining a separate consent under Article 18 of 「Personal Information Protection Act」. Coupang processes retains PI in accordance with the PI retention period stipulated by applicable laws and within the time period notified to and agreed to by the user when collecting PI.
Coupang collects and uses the minimum necessary PI in order to handle reports on ethics issue. Collected PI will be kept confidential and not be used for purposes other than to handle the reports.
| Purpose | Item | Period of retention and use |
|---|---|---|
| To handle reports on ethics issue filed with the reporter's name | [Optional] Reporter's name, contact info / Name and title of the reporter's leader / Name of the reported person | Destroy upon achieving the purpose. |
Coupang does not collect or store cookies that are automatically generated in the process of using the service for PI processing.
2. Provision and consignment of PI
Coupang provides PI to a third party only within the scope agreed to by the user under the Article 17 of 「Personal Information Protection Act」. However, Coupang may also provide PI to a third party if doing so is allowed or required by provisions in applicable laws, including Article 18 of the 「Personal Information Protection Act」.
Coupang may provide PI in accordance with special provisions stipulated in other applicable laws including Personal Information Protection Act, Act On Promotion Of Information And Communications Network Utilization And Information Protection, Protection Of Communications Secrets Act, Telecommunications Business Act, Act On The Consumer Protection In Electronic Commerce, Criminal Procedure Act, Framework Act On National Taxes, Credit Information Use And Protection Act, and Framework Act On Consumers, or in accordance with the due process of law such as with a warrant or a written statement with the seal of the head of an entity. In particular, Coupang may provide PI to relevant entities without the consent of the data subject in the event of a disaster, epidemics, events or accidents causing imminent threat to life and body, imminent loss of property or in other emergencies.
Coupang consigns PI processing tasks to ensure effective handling of PI. When signing a consignment contract, Coupang adheres to Article 26 of the 「Personal Information Protection Act」 by explicitly stipulating in a document or a contract the prohibition of PI processing for purposes other than consigned tasks, technical and administrative safeguard measures, restriction of sub-consignment, management·supervision of consignee, and indemnification for damage, and by managing or overseeing the consignee to ensure secure processing of PI.
| Consignee (Information manager’s contact) |
Country | When and How | Item | Purpose | Period of retention and use |
|---|---|---|---|---|---|
| KPMG us-privacy@kpmg.com |
US | Transmission via secure network when using the service | Name, contact info and title included in the report | Operation of dedicated system/channel for ethics issue reporting | Retained for 8 years since the collection and then destroyed. |
3. Use and provision without user’s consent.
Coupang processes and provides PI only within the scope agreed to by the user. Should it use or provide additional PI without data subject’s consent in accordance with Article 15(3) and 17(4) of the 「Personal Information Protection Act」, Coupang will disclose the criteria including the following details:
- Whether it is related to the original purpose of collection.
- Whether the additional use or provision of PI is predictable considering the situation under which PI is collected or the practice of processing the PI.
- Whether data subject’s interests are wrongfully violated.
- Whether safeguard measures such as pseudonymization or encryption have been taken.
4. Processing of pseudonymized information.
Coupang may pseudonymize personal information in a way that renders it impossible to identify an individual if doing so is necessary for collecting statistics, scientific research or record keeping in the public interest.
In accordance with the Article 28-2 through 28-7 of the 「Personal Information Protection Act」, when processing·consigning·providing to a third party the pseudonymized information, Coupang will disclose such facts in this Privacy Notice. Coupang will psedonymize the minimum necessary information, separate and manage the information to prevent any re-identification and take necessary technical·administrative safeguard measures.
5. Procedure and method of PI destruction
When PI is rendered unnecessary upon reaching the PI retention period or achieving the purpose of its processing, Coupang destroys the personal information without delay. Procedure and method of PI destruction are as follows:
- Destruction procedure : Destroyed after separately stored for a certain period of time as required by internal policy and applicable laws once the purpose of the PI has been achieved.
- Destruction method : PI stored in an electronic file should be destroyed in an irrecoverable way; a hard copy document containing PI should be destroyed using a shredder.
Should the PI be retained past the retention period consented by the data subject or even after achieving the purpose of processing as required by other applicable laws, the PI should be separately stored and managed.
| Retained Information | Retention period | Applicable law(s) |
|---|---|---|
| Website and app visit history | 3 months | Protection Of Communications Secrets Act |
6. Rights and obligations of a user and legal representative and how to exercise them
A user may view, modify or delete information by making a request to the owner team listed under ‘8. Chief Privacy Officer and owner team.’ Any progress made in (or the results of) handling the user’s request will be notified in reply within 10 days. A legal representative or a delegate should prove his/her legitimacy as a delegate, for example by submitting the power of attorney. However, withdrawal of the consent, deletion or suspension of processing may not be possible in the following cases:
- When there is a special provision in applicable laws or when it is necessary to do so in order to fulfill legal obligations.
- When there is a possibility of threats being made to another person’s life or body, or when another person’s property or interests may be wrongfully violated.
- When the service agreed upon by the user cannot be provided unless the PI is processed and the user has not explicitly expressed willingness to terminate the conract.
7. Safeguard measures for PI
Coupang has in place technical and administrative safeguard measures to ensure that users’ PI is not stolen, leaked, altered or damaged during the course of PI processing.
- Administrative measures : Operate a team dedicated to PI protection, provide training to PI handlers on a regular basis, activities to raise awareness of employees, conduct regular audits for compliance checkup
- Technical measures : Monitor and block any attempts at hacking or information leak in real time, implement enhanced access control on personal information processing system, store access logs and take measures to prevent their forgery and alteration, apply at-rest encryption to users’ password and other critical information, apply encryption to in-transit information.
8. Chief Privacy Officer and owner team.
Coupang designates a Chief Privacy Officer as below to oversee the PI processing, handle complaints from sellers and to provide damage relief.
| Category | Owner | |
|---|---|---|
| Chief Privacy Officer(CPO) | Hong Kwan Hee | |
| Privacy owner team | Privacy & Data Compliance | |
| Owner team for handling ethics reports | ethics@coupang.com | |
- Personal Information Dispute Mediation Committee : 1833-6972 (www.kopico.go.kr)
- Personal Information Infringement Report Center : 118 (privacy.kisa.or.kr)
- Supreme Prosecutor’s Office: 1301 (www.spo.go.kr)
- Korea National Police Agency : 182 (ecrm.cyber.go.kr)
Privacy notice version: 2.0
Effective Date: 2022.07.11