Ethics Privacy Notice

Announcements

Ethics Privacy Notice (V.3.1)

1. Personal Information Collected, Purpose of Collection, and Retention Period
2. Provision and Consignment of Personal Information
3. Use and Provision Without User’s Consent
4. Processing of Pseudonymized Information
5. Procedure for and Methods of Destroying Personal Information
6. Rights and Obligations of Users and Legal Representatives and How to Exercise the Rights
7. Personal Information Safeguard Measures
8. Chief Privacy Officer and Customer Support Team
Coupang Corp. (hereinafter ‘Coupang’) establishes and displays Privacy Notice as below to protect users’ personal information (PI) and to promptly and effectively handle any related grievances in accordance with the 「Personal Information Protection Act」. Should the Privacy Notice be updated, such update, the effective date, and the contents before/after the update are notified on the homepage.

1. Personal Information Collected, Purpose of Collection, and Retention Period

Coupang processes PI for the following purpose(s). Collected PI are not used but for the original purpose(s) of collection. If there is any change to the purpose of use, necessary actions are taken such as obtaining a separate consent under Article 18 of 「Personal Information Protection Act」. Coupang processes·retains PI in accordance with the PI retention period stipulated by applicable laws and within the time period notified to and agreed to by the user when collecting PI.
Coupang collects and uses the minimum necessary PI in order to handle reports on ethics issue. Collected PI will be kept confidential and not be used for purposes other than to handle the reports.
Purpose of Collection
 Information Collected
 Period of retention and use
To handle reports on ethics issue filed with the reporter’s name [Optional] Reporter’s name, contact info / Name and title of the reporter’s leader / Name of the reported person Destroy upon achieving the purpose.
Coupang does not collect or store cookies that are automatically generated in the process of using the service for PI processing.

2. Provision and Consignment of Personal Information

Coupang provides personal information to third parties only within the scope of consent obtained from the user.

Coupang may provide personal information in accordance with the due process of law, for instance, where there are special provisions in applicable laws such as the Personal Information Protection Act, Act On Promotion Of Information And Communications Network Utilization And Information Protection, Protection Of Communications Secrets Act, Telecommunications Business Act, Act On The Consumer Protection In Electronic Commerce, Framework Act On National Taxes, Credit Information Use And Protection Act or Framework Act On Consumers, Framework Act On Consumers, Act On The Prevention Of Suicide And The Creation Of Culture Of Respect For Life, or a warrant or an official document signed by the head of the organization is presented. In particular, Coupang can provide personal information to related authorities without the consent of the user in the event of an emergency such as a disaster, infectious disease, event or accident that causes imminent threat to life or health, or imminent loss of property.

Coupang consigns the processing of personal information to effectively provide services. In accordance with Article 26 of the Personal Information Protection Act, Coupang stipulates the following details in the consignment contract: prohibition of personal information processing for purposes other than to perform consigned tasks, technical and administrative safeguard measures, restrictions on re-consignment, management and oversight of the consignee, and the liability for damages. Coupang also manages and oversees whether the consignee processes personal information in a secure manner.

Consignee

(Information Management Officer)

 Country Date and Method Information
Transferred		 Purpose of consignment Period of
retention and use
KPMG
(us-privacy@kpmg.com)		 U.S. Transmission via secure network when using the service Name, contact info and title included in the report Operation of dedicated system/channel for ethics issue reporting Destroyed upon termination of consignment contract

3. Use and Provision Without User’s Consent

Coupang processes and provides personal information only within the scope of obtaining consent from the user. In the case of additional use or provision of personal information without the user’s consent pursuant to Articles 15(3) and 17(4) of the Personal Information Protection Act, we will disclose the grounds for such use and provision including the following details:

  • Whether it is relevant to the purpose of the original collection
  • Whether the additional use or provision of personal information is predictable in light of the circumstances where personal information was collected or the practice of personal information processing
  • Whether the interests of the user are unjustly infringed
  • Whether necessary security measures such as pseudonymization or encryption have been taken

4. Processing of Pseudonymized Information

In some circumstances where it is necessary for statistics, scientific research, archiving for public interest, or other purposes, Coupang may pseudonymize the collected personal information so that it can no longer be identified an individual.

Coupang will disclose in this Privacy Notice in the event it processes, consigns, or provides a third party with the pseudonymized information pursuant to Articles 28(2) through 28(7) of the Personal Information Protection Act. Coupang will ensure that only the minimum necessary amount of information is pseudonymized, the pseudonymized data is separately stored and managed to prevent it from being re-identified, and necessary technical and administrative safeguard measures are taken.

5. Procedure for and Methods of Destroying Personal Information

Coupang destroys personal information without delay when the information is rendered unnecessary by the expiration of its retention period or by achieving the purpose of processing. 

The procedure for and methods of destroying personal information are as follows:

  • Procedure of Destruction : Once the purpose of personal information collection and use has been achieved, the information is separately stored and then destroyed after retaining for a certain period of time in obligation with the internal policies and applicable laws
  • Methods of Destruction : Personal information in electronic form is destroyed through means that will make the data irrecoverable, whereas personal information stored in a hard copy format is destroyed using a shredder.
However, if it is required by applicable laws to retain personal information even after the expiration of personal information retention period consented by the user or after achieving the purpose of processing, Coupang separately stores and manages to retain the necessary personal information.
Retained Information Retention period Applicable law(s)
Website and app visit history 3 months Protection Of Communications Secrets Act

6. Rights and Obligations of Users and Legal Representatives and How to Exercise the Rights

A user’s personal information can be viewed, corrected, or deleted by using the following procedure: Personal information that cannot be directly accessed on the service can be accessible by making a request to the Customer Support and Compliant Handling Team specified under “9. Chief Privacy Officer and Customer Support Team.” The progress (or the results) made on the user’s request will be replied within 10 days. A legal representative or a delegated representative must prove his or her legitimate representative status by submitting a power of attorney and a certificate of family relations, etc.

However, withdrawing of consent or deleting or suspending the processing of personal information may be limited in the following cases:

  • Where there are special legal provisions, or it is inevitable to fulfil a legal obligation;
  • Where there is a possibility of causing harm to another person’s life or body or unjustly infringing on another person’s property or interests; or
  • Where the services agreed upon by the user cannot be provided unless personal information is processed and the user has not clearly stated his/her intention to terminate the contract.

7. Personal Information Safeguard Measures

Coupang has technical and administrative safeguard measures in place to ensure that users’ personal information is not stolen, leaked, forged or damaged while processing the information.
  • Technical Safeguards: real-time monitoring and blocking of hacking attempts and data leak, enhanced access control on personal information processing systems, storage of access logs and prevention of their forgery/alteration, at-rest encryption of passwords and critical information, and in-transit encryption of data
  • Administrative Safeguards: Operation of a dedicated privacy team, regular training for personal information handlers, awareness-raising activities for employees, and regular audits for compliance

    • 8. Chief Privacy Officer and Customer Support Team

    Coupang designates a Chief Privacy Officer in charge of personal information protection as below to take responsibility for the processing of personal information, and to handle complaints and damage relief from users related to personal information processing.  

    Role Person/Team in Charge
    Chief Privacy Officer(CPO) Jang June Young
    Privacy team Privacy Compliance
    Owner team for handling ethics reports  Email ethics@coupang.com
  • Personal Information Dispute Mediation Committee : 1833-6972 (www.kopico.go.kr)
  • Personal Information Infringement Report Center : 118 (privacy.kisa.or.kr)
  • Supreme Prosecutor’s Office: 1301 (www.spo.go.kr)
  • Korea National Police Agency : 182 (ecrm.cyber.go.kr)

    • Privacy notice version: 3.1

    Effective Date: 1-18-2023

    Scroll to Top