Privacy Notice
for Global Marketplace Community Members and Sellers (V.1.0)
This Notice describes how Coupang Corp. (“Coupang”, “Us”, “We” or “Our”) collects, processes and transfers Personal Information collected from Marketplace Community Members and Sellers (“You”, “Your”) and includes the following sections:
- Collection, Processing and Retention
- Disclosure to Third Parties
- Consignment
- Disclosure to Government Authorities
- Retention and Deletion
- Data Subject Rights
- Automatic Collection of Personal Information
- Personal Information Safeguards
- Chief Privacy Officer and Staff Responsible for Privacy Inquiries
- Notification Obligation
1. Collection, Processing and Retention:
Our collection, processing and retention of Personal Information is as follows:
• If you choose to become a Marketplace Community Member (“Member”), We will collect, process and retain additional Personal Information as follows:
• If you choose to become a Seller, We will collect, process and retain additional Personal Information as follows:
• If you choose to become a Marketplace Community Member (“Member”), We will collect, process and retain additional Personal Information as follows:
| Personal Information collected | Purpose of collection and use | Retention period |
|---|---|---|
| Name, phone number (land line and mobile), and e-mail address of primary contact person of the Member. | To provide the Member with information on new products and services and to support the Member with Seller registration (if applicable). | Until the termination of membership or such longer period as required to fulfill Our legal obligations and/or internal policy requirements. |
| Personal Information collected | Purpose of collection and use | Retention period |
|---|---|---|
| Copies of passports of owner(s) and legal representatives of Sellers. | To perform due diligence on Seller. | Until the termination of Seller status or such longer period as required to fulfill Our legal obligations and/or internal policy requirements |
|
|
|
|
To perform credibility assessment including fraud and policy non-compliance detection. | |
| Settlement information (name of bank account holder, account number, copy of account passbook.) | To provide settlement services and issue tax invoices. |
2. Disclosure to Third Parties:
We may disclose your Personal Information to the following third parties.
a) Provision of Personal Information outside of South Korea:
*For more information, refer to: https://www.forter.com/service-privacy-policy/ or contact privacy@forter.com
a) Provision of Personal Information outside of South Korea:
| Recipient/country | Time and method of provision | Purpose of provision | Information provided | Period of use and retention |
|---|---|---|---|---|
| Forter Pte Ltd. * Singapore | Tranferred over the network from time to time. | Create and improve databases to provide fraud and policy non-compliance detection services. * |
|
Duration of service delivery |
3. Consignment:
We may consign the processing of your Personal Information to third party service providers to improve Our services.
a) Consignment of Personal Information within South Korea:
b) Consignment of Personal Information outside of South Korea:
a) Consignment of Personal Information within South Korea:
| Consignee | Consigned functions |
|---|---|
| Hyosung ITX | Provide assistance and consulting on seller registration, manage sellers. |
| Carriers | Manage delivery for Milkrun pickup services. |
| Amazon Web Services Inc. | Data storage services. |
| Microsoft | E-mail, document/file storage and internal communication and collaboration tools. |
| Consignee | Country | Time and method of transfer | Type of information transferred | Purpose and processing period |
|---|---|---|---|---|
| Coupang Global, LLC | US | Transferred over the network when necessary to perform a business purposes. | Information collected and used while performing a business purpose | For research and development purposes until the retention period expires. |
| Coupang (Shanghai) Co., Ltd. 韩领网络科技(上海)有限公司 (한림네트워크(상해)유한공사) |
China | |||
| Coupang (Beijing) Co., Ltd. 韩领网络科技(北京)有限公司 (한림네트워크(북경)유한공사) |
China | |||
| CPLB (Shenzhen) Co., Ltd. 韩领商贸(深圳)有限公司 |
China | |||
| IBM Security | US, India | Transferred over the network when necessary to perform a business purpose. | Information collected and used while performing a business purpose | To operate the Security Operation Center and perform related analysis until the retention period expires. |
| Salesforce | Transferred over the network when service is used. | Information collected and used while performing a business purpose. | To operate and maintain overseas data center where Personal Information is stored until the retention period expires. | |
| Forter Pte Ltd. | Singapore | Transferred over the network, frequently. |
|
Duration of service delivery. |
4. Disclosure to Government Authorities:
We use the Personal Information we collect solely for the purposes for which you have given your consent and do not disclose or provide such information to any third party beyond the extent to which you have given your consent, except as required by applicable law or in response to a request from government authorities or law enforcement made through a legitimate procedure in accordance with applicable law.
5. Retention and Deletion:
a) Any Personal Information retained beyond the termination of membership or Seller status (as applicable) will be kept safely in accordance with applicable laws and Coupang policies and will be deleted promptly once the applicable retention period expires. In such case, such Personal Information will only be used for the specific purpose for which it was retained and/or as otherwise required by applicable law.
b) Electronic files containing Personal Information will be deleted using technical methods that makes such information irrecoverable. Paper records containing Personal Information will be destroyed using methods such as incineration or shredding.
c) Retention periods required by applicable law are as follows:
d) Retention periods required by Our policies are as follows:
b) Electronic files containing Personal Information will be deleted using technical methods that makes such information irrecoverable. Paper records containing Personal Information will be destroyed using methods such as incineration or shredding.
c) Retention periods required by applicable law are as follows:
| Information retained | Retention | Legal basis |
|---|---|---|
| Records on contracts, settlements, and transactons. | 5 years | Commercial Act |
| Website access log. | 3 months | Electronic Communications Privacy Act |
| Information retained | Retention | Legal basis |
|---|---|---|
| Seller ID, Seller name, Seller CEO name, and contact details. | 1 years | Fraud detection and prevention. |
6. Data Subject Rights:
a) You can, at any time, access, update/correct, or request the deletion or suspension of processing your Personal Information that we hold. If you exercise any of these rights, please email or call the points of contact listed below, and we will promptly process your request.
b) You may only exercise the above rights with respect to Personal Information relates to you. Any attempt to obtain Personal Information by deception or invade the privacy of others may lead to civil and criminal penalties.
b) You may only exercise the above rights with respect to Personal Information relates to you. Any attempt to obtain Personal Information by deception or invade the privacy of others may lead to civil and criminal penalties.
7. Automatic Collection of Personal Information:
a) Cookies are small text files placed on Your computer hard drive by the server servicing our website. At the time a cookie is loaded, You have the choice of accepting or rejecting the collection of your Personal Information by cookies. However, please be aware that rejecting cookies may limit certain functions on our website (such as services requiring a sign-in) from operating correctly.
b) How You manage cookies depends on the Internet browser You are using:
b) How You manage cookies depends on the Internet browser You are using:
- If you are using Internet Explorer, go to ‘Tools’ in the menu bar > click on ‘Internet Options’ > click on ‘Privacy’ tab > select an option.
- If you are using Chrome, at the top right click ‘’ > click ‘Settings’ > select ‘Show advanced settings’ at the bottom > in the ‘Privacy’ section, click ‘Content settings’ button > in the ‘Cookies’ section, select an option.
8. Personal Information Safeguards
a) We maintain the following technical, managerial and physical safeguards necessary to ensure the security of Your Personal Information so that Personal Information may not be lost, stolen, leaked, altered or damaged:
- an internal privacy management plan to ensure the security of Our Personal Information processing activities and performs information security audits to ensure that Personal Information safeguards are in place and any weaknesses identified are remediated immediately;
- security solutions such as intrusion prevention system to protect against unauthorized access from the external network and works to protect the security of all other systems by adopting all possible technical measures;
- access logs for Personal Information processing systems and employ measures to prevent tampering or alterations of the logs;
- encryption of Personal Information during transmission using encrypted network protocols as well as any critical data that we store such as passwords;
- 24-hour security monitoring using systems that can detect and stop intrusion attempts from hackers or other malicious actors and use anti-virus software to prevent damages from computer virus infections;
- access restrictions to Personal Information to the necessary staff who need to handle Personal Information for performing specific job functions; and
- regular training on privacy obligations and security and run campaign programs for all staff who process Personal Information.
9. Chief Privacy Officer and Staff Responsible for Privacy Inquiries
The Chief Privacy Officer (CPO) and the department responsible for handling privacy inquiries are designated as below to oversee all matters related to customer privacy and handle complaints and address damage from privacy-related issues. Customers may make inquiries, raise complaints or ask for damage relief regarding privacy issues through the contact points below. Coupang will promptly respond to and handle inquiries.
Customers who need to receive consultation on privacy matters or report a personal data breach may also contact the following authorities:
| Chief Privacy Officer | Department Handling Privacy Complaints |
|---|---|
|
Name: Max Leveson Email address: privacy@coupang.com |
Department: Privacy and Data Governance Email address: privacy@coupang.com |
- Korea Internet & Security Agency: 82-2-405-5118 | https://privacy.kisa.or.kr
- Cybercrime Investigation Team, Supreme Prosecutors' Office: 82-2-3480-2337 | https://www.spo.go.kr
- Cybercrime Investigation Team at the National Police Agency: https://cyberbureau.police.go.kr
10. Notification Obligation
This Privacy Notice takes effect from its effective date. Should there be grounds for a material change to customer's right to data privacy, customers will be notified by Coupang at least 14 days before the change. Other changes will be notified to customers at least 7 days prior to their implementation.
Version 1.0
Release date: October 5 2020
Effective date: October 12 2020
Version 1.0
Release date: October 5 2020
Effective date: October 12 2020
※ If you have any questions about privacy notice that is not indicated, please contact customer support team.