Privacy Notice for Sellers (Ver. 1.4)
Coupang Corp. (hereinafter “Coupang”) collects only the minimum necessary amount of information only when necessary.
We use the information we collect only to the extent that it was notified and do not use the information beyond such extent or disclose the information without your prior consent.
You are entitled to exercise all your rights related to the information we hold about you.
We will notify you of any changes we make on our Privacy Notice and post the updated Notice so that you can see the changes anytime.
This Notice describes our policies regarding how we process the personal information of our sellers
(including those who consult their potential businesses with us, hereinafter “User”)
which are consistent with applicable laws, specifically including the following privacy practices:
How Coupang protects the security of your Personal Information:
- Personal Information Collected and Used, Data Retention
- Third Party Disclosure of Personal Information
- Consignment of Personal Information
- Personal Information Deletion Procedure and Method
- User Rights and Exercising User Rights
- Automatic Collection of Personal Information and How to Object
- Personal Information Safeguards
- Chief Privacy Officer and Privacy Staff
1. Coupang collects and uses the following types of Personal Information in relation to the services you use and retains and uses the information for the specified period:
| Category | Purpose of collection and use | Type of Personal Information collected and used | Retention period |
|---|---|---|---|
| Mandatory |
Sign-up, user identification, To provide services to sellers (e.g. sending service notifications, handling inquiries and requests, sharing settlement details, delivering marketing messages, etc.), To issue open API keys, Detecting and preventing fraud and account abuse. |
User ID, password, email, name, mobile phone number | Until the termination of the Agreement |
| (Global Seller only) To perform due diligence on Seller. | Copies of passports of owner(s) and legal representatives of Sellers | ||
| To create child accounts for Sellers | Pont of contact (person in charge, mobile phone number, email, user ID) | ||
|
To issue tax invoices To provide settlement services |
Settlement information (Account information, account holder’s name, a copy of bankbook) | ||
|
<Coupang Seller Academy> To identify and communicate with participants To host the seminar |
Destroyed without delay upon the completion of the seminar | ||
|
<Consultation about onboarding to Coupang Travel> To identify and seamlessly communicate with clients |
Name, mobile phone number, email | Retained for 1 month since the end of consultation and destroyed without delay | |
|
<Signing up for Coupang Travel Wow Membership Promotion> To confirm and communicate with sellers who have signed up for the seasonal promotion |
Name, mobile phone number, email | Destroyed without delay when contract extension is denied | |
|
<Application for live streaming on Live Vendor> To receive applications for live streaming and notify application results |
Destroyed without delay upon notification of application result | ||
|
<Application for Coupang Live interview> To recruit and register participants, To provide guidelines for and conduct interviews about seller experience To provide rewards |
Name of the primary contact person, mobile phone number, email, Coupang ID | Destroyed without delay when the seller withdraws consent to be registered as interview participant | |
| <Registration to training for newly-onboarded Coupang Live sellers> | Name, email | Destroyed without delay upon the completion of the training | |
|
<Coupang Live Studio rental> To make reservations for Coupang Live Studio and provide guidelines on reservation |
Destroyed after being retained for 1 month from the date of application | ||
|
<Consultation about ads products> To provide consulting services for Coupang ads products |
Mobile phone number | Destroyed without delay after being retained for 3 months from the date of application | |
|
<Transfer of business ownership to an individual instead of a company after closing the business> To process settlements due to business ownership transfer |
Certificate of Business Suspension/Close of Business, Certificate of Registered Seal, a copy of bankbook, a copy of an ID (name, resident registration number of driver’s license number), account number, address |
Retained and destroyed according to relevant laws, such as the Framework Act on National Taxes and the Act on the Consumer Protection in Electronic Commerce | |
| Fraud detection, provision of customized content and services based on the assumption of users’ interest, preference, and tendency | Service usage history, access log, cookies(each service), IP address, device information (OS, version) | Until the termination of the Agreement | |
| <Coupang Live< Live broadcasting and communication | [Required] Profile picture, nickname, name of the primary contact person, email address, phone number [Optional] Self-introduction, homepage, Facebook, KakaoTalk, Instagram address | Destroyed upon the termination of the contract of use | |
| <Coupang Live< Advertising of seller’s products, onboarding, partnership consultation, consulting, and overall communication | Name, mobile phone number, email | Destroyed within 3 months after the end of consultation/consulting | |
| Optional | To manage address book/shipping information | Additional phone number | Until the termination of the Agreement |
| To send advertisement and event information messages | Mobile phone number, email | Destroyed without delay when the seller withdraws consent or upon the termination of the contract | |
| <Reporting of ethical issues> To ensure a smooth communicate with the reporter (e.g. result of processing the report) | Name, email, phone number | Destroyed immediately upon achieving the purpose |
- We may request you to provide documentation depending on the type of service you use.
2. Coupang may share your Personal Information with third parties to the extent of its intended purpose to provide services or to comply with our legal obligations.
We use the information we collect solely for the purposes for which you have given your consent and do not disclose or provide such information to any third party beyond the extent to which you have given your consent, except in the following circumstances:
- Data subject has consented
- Required by law or determined to be in good faith (e.g. request from investigative or law enforcement authorities made through a legitimate procedure in accordance with applicable laws)
| Party receiving the transfer (Information Manager’s contact information | Type of information transferred | Purpose | Retention and processing period |
|---|---|---|---|
|
Coupang Pay Corp |
(Private business operators only) Name, phone number, address, email, bank name, account number | Purpose of compliance with anti-money laundering regulations, such as customer confirmation and suspicious transaction reporting, etc. under the Act on the Reporting and Use of Specific Financial Transaction Information | Destruction five years after the end of the financial transaction |
3. Coupang consigns the processing of personal information to make available to you the following services and to make the following business processes effective:
We consign the information you provide to service providers to improve our services.
① Consignment of Personal Information within Korea:
② Consignment of Personal Information outside of Korea
Coupang entrusts IT development and operation of our services to our affiliates (Coupang Global, LLC, Coupang (Shanghai) Co., Ltd., and Coupang (Beijing) Co., Ltd.).
These affiliates comply with “7. Personal Information Safeguards”and Coupang’s security and privacy policies when carrying out their consigned services.
① Consignment of Personal Information within Korea:
| Consignee | Consigned functions |
|---|---|
| Coupang Pay Corp., Samsung SDS | Provides settlement services and issues tax invoices |
| Coupang Eats Services Ltd. | Consultation for Coupang Eats Store |
| KSJOB, UBASE | Provide assistance and consulting on seller registration, manage sellers |
| Amazon Web Services Inc. | Stores data, sends text messages and emails |
| NHN Corp., Kakao Corp., KT Co., Ltd., LGCNS | Send text messages and emails |
| GS Neotek | Maintains Genesys and Zendesk systems |
| UNIPOST | Issues tax invoices |
| LG U Plus | Sends text messages (SMS/LMS) |
| Salesforce | Manages sales data |
| YKAD | Sales agency for Coupang Eats |
| APG Awesome Partners Group | Sales agency for Coupang Eats |
| CSJ | Sales agency for Coupang Eats |
| Hayan Yeowoo (White Fox) | Sales agency for Coupang Eats |
| KICC | Sales and management agency for Coupang Eats |
| 2HK Studio | Coupang Eats food photography agency |
| Bri-X | Coupang Eats food photography agency |
| H13D Studio | Coupang Eats food photography agency |
| Ibiz | Coupang Eats food photography agency |
② Consignment of Personal Information outside of Korea
Coupang entrusts IT development and operation of our services to our affiliates (Coupang Global, LLC, Coupang (Shanghai) Co., Ltd., and Coupang (Beijing) Co., Ltd.).
These affiliates comply with “7. Personal Information Safeguards”and Coupang’s security and privacy policies when carrying out their consigned services.
| Party receiving the transfer (Information Manager’s contact information) | Country | Time and method of transfer | Type of information transferred | Purpose | Retention and processing period |
|---|---|---|---|---|---|
|
Coupang Global, LLC (helpseller@coupang.com) |
USA | purposesTransmission over secure network when using the service | Any personal information collected/used while using the service | Service development and maintenance, fraud detection system development and maintenance, data analysis | Until termination of consignment contract |
| Coupang (Shanghai) Co., Ltd. (help@coupang.com) |
China | ||||
|
Coupang (Beijing) Co., Ltd. (help@coupang.com) |
China | ||||
| Salesforce (privacymark@salesforce.com) |
USA, Japan | Seller’s name, email, contact information | Using the system for seller management | ||
| Zendesk (support@zendesk.com) |
Japan | Name, email, phone number, membership number | Using CS management system to operate customer center | ||
| Genesys (GSN:yakida96@gsnict.com) |
Japan | Call recording, inbound phone number | Using call system to operate customer center | ||
| Zoom (privacy@zoom.us) |
USA | Name, email | Receiving applications for Live seller webinar | ||
| Qualtrics, LLC (privacy@qualtrics.com) |
Australia | Personal information collected and used in the process of applying for and participating in Coupang research (interview and survey) | Managing Coupang research (interview and survey) panel, conducting research and analyzing results | ||
| Amazon Web Services Inc. (aws-korea-privacy@amazon.com) |
US | Transmitted through a secure network when personal information is required for business purposes | Sending email | ||
| MaestroQA (privacy@maestroqa.com) |
US | Transmitted over a secure network | CS call information: - CS call recording transcript, customer management number, order number, call history |
Quality control for Coupang CS center |
4. In principle, Coupang will delete your Personal Information immediately whenever the purpose for which the information was retained is fulfilled. Personal Information is deleted according to the following procedure, time limit and manner:
① Procedure and time limit
Any Personal Information no longer necessary for the purpose of which we originally collected and used will be kept safely in a separate database in accordance with the applicable laws and company policies and will be deleted without delay once the pre-defined retention period expires. In such case, Personal Information stored in a separate database will not be used for purposes other than the purpose for which you have given your consent or required by applicable law
② Deletion method
- Electronic files containing Personal Information will be deleted using a technical method that makes such information irrecoverable.
- Paper records containing Personal Information will be destroyed using methods such as incineration or shredding with a paper shredder.
③ We may further process any Personal Information required by law to be kept for a certain amount of time.
[Where required by law]
Any Personal Information no longer necessary for the purpose of which we originally collected and used will be kept safely in a separate database in accordance with the applicable laws and company policies and will be deleted without delay once the pre-defined retention period expires. In such case, Personal Information stored in a separate database will not be used for purposes other than the purpose for which you have given your consent or required by applicable law
② Deletion method
- Electronic files containing Personal Information will be deleted using a technical method that makes such information irrecoverable.
- Paper records containing Personal Information will be destroyed using methods such as incineration or shredding with a paper shredder.
③ We may further process any Personal Information required by law to be kept for a certain amount of time.
[Where required by law]
| Applicable law | Purpose | Information stored | Retention period |
|---|---|---|---|
| Act on the Consumer Protection in Electronic Commerce Article 6 | To maintain consumer complaints or dispute records | Consumer identifiable information, dispute resolution record | 3 years |
| To maintain settlement and supply of goods records | Consumer identifiable information, record on payment, supply of goods, contract and contract termination | 5 years | |
| Records on contract or contract termination | |||
| Records on labeling and advertisement | Records on labeling and advertisement | 6 months | |
| Framework Act on National Taxes Article 85-3, Article 26-2 | To calculate national tax exclusion period | Evidence of all transactions for national tax | 10 years |
| To calculate the length of period for national tax collection | Documents for taxable base and tax declaration | 5 years | |
| Value-Added Tax Act Article 32 | Ledgers, tax invoices, import tax invoices, receipts, etc. | Documents for taxable base and tax declaration for value added tax | 5 years |
| Electronic Financial Transactions Act Article 22 | To confirm electronic financial transaction records | Records on Electronic Financial Transactions | 5 years |
| Protection of Communications Secrets Act Article 15-2 | Complying with disclosure requests from investigation agencies with a warrant | Website, application and other system access log | 3 months |
5. You as a user of Coupang services and as a data subject are entitled to exercise the following rights:
You or your legal representative can, at any time, access or modify your information or request deletion or suspension of processing your information that we hold.
If you wish to access, delete or request suspension of processing your information, please contact our privacy staff by phone.
We will make sure that your request is processed without delay.
You may only request processing (e.g. access to, deletion or suspend processing) of personal information if you are the data subject whose information we process in accordance with this Notice.
Any attempt to obtain Personal Information by deception or invade the privacy of others may lead to civil and criminal penalties.
Furthermore, it may be difficult to fulfill requests from customers to delete or stop the processing of their personal data, or withdraw the consent if any of the following is true:
• There are special provisions under the law, or it is absolutely necessary to fulfill an obligation under the law
• There is a possibility of incurring damage to life, body, property and other interests of a third party.
If you wish to access, delete or request suspension of processing your information, please contact our privacy staff by phone.
We will make sure that your request is processed without delay.
You may only request processing (e.g. access to, deletion or suspend processing) of personal information if you are the data subject whose information we process in accordance with this Notice.
Any attempt to obtain Personal Information by deception or invade the privacy of others may lead to civil and criminal penalties.
Furthermore, it may be difficult to fulfill requests from customers to delete or stop the processing of their personal data, or withdraw the consent if any of the following is true:
• There are special provisions under the law, or it is absolutely necessary to fulfill an obligation under the law
• There is a possibility of incurring damage to life, body, property and other interests of a third party.
6. How cookies are installed and used and how to reject cookies.
Coupang does not collect and store the data automatically generated while using our services (cookies).
7. Personal Information Safeguards
Coupang maintains technical, managerial and physical safeguards necessary to ensure the security of your Personal Information so that Personal Information may not be lost, stolen, leaked, altered or damaged.
① Internal privacy management plan
The Company maintains an internal privacy management plan to ensure the security of our Personal Information processing activities and performs information security audits to ensure that Personal Information safeguards are in place and any weaknesses identified are remediated immediately.
② Access control
The Company uses security solutions such as intrusion prevention system to protect against unauthorized access from the external network and works to protect the security of all other systems by adopting all possible technical measures.
③ Measures to prevent access log tampering and alterations
The Company stores and maintains access logs for personal information processing systems and employ measures to prevent tampering or alterations of the logs.
④ Personal Information encryption
The Company encrypts your Personal Information during transmission using encrypted network protocols as well as any critical data that we store such as passwords.
⑤ Anti-hacking measures
The Company operates 24-hour security monitoring using systems that can detect and stop intrusion attempts from hackers or other malicious actors and use anti-virus software to prevent damages from computer virus infections.
We regularly update our anti-virus software to ensure that we immediately react to new virus threats with the latest software and prevent privacy breaches.
We also constantly strive to keep up with new emerging hacking techniques and security technologies and apply them to our services.
⑥ Personal Information handled by minimum necessary staff and training
The Company restricts access to User’s Personal Information to the necessary staff who need to handle Personal Information for performing specific job functions.
We provide regular training on privacy obligations and security and run campaign programs for all staff who process Personal Information.
We also require our staff to sign non-disclosure agreements before joining to prevent human error-caused privacy breaches and maintain internal procedures for audits to ensure that our privacy policies are enforced and our staff comply with such policies.
We make sure that any staff handling Personal Information are handed over with the role in a secure and thorough manner and clearly define liability for privacy breaches that occur during employment and after termination.
① Internal privacy management plan
The Company maintains an internal privacy management plan to ensure the security of our Personal Information processing activities and performs information security audits to ensure that Personal Information safeguards are in place and any weaknesses identified are remediated immediately.
② Access control
The Company uses security solutions such as intrusion prevention system to protect against unauthorized access from the external network and works to protect the security of all other systems by adopting all possible technical measures.
③ Measures to prevent access log tampering and alterations
The Company stores and maintains access logs for personal information processing systems and employ measures to prevent tampering or alterations of the logs.
④ Personal Information encryption
The Company encrypts your Personal Information during transmission using encrypted network protocols as well as any critical data that we store such as passwords.
⑤ Anti-hacking measures
The Company operates 24-hour security monitoring using systems that can detect and stop intrusion attempts from hackers or other malicious actors and use anti-virus software to prevent damages from computer virus infections.
We regularly update our anti-virus software to ensure that we immediately react to new virus threats with the latest software and prevent privacy breaches.
We also constantly strive to keep up with new emerging hacking techniques and security technologies and apply them to our services.
⑥ Personal Information handled by minimum necessary staff and training
The Company restricts access to User’s Personal Information to the necessary staff who need to handle Personal Information for performing specific job functions.
We provide regular training on privacy obligations and security and run campaign programs for all staff who process Personal Information.
We also require our staff to sign non-disclosure agreements before joining to prevent human error-caused privacy breaches and maintain internal procedures for audits to ensure that our privacy policies are enforced and our staff comply with such policies.
We make sure that any staff handling Personal Information are handed over with the role in a secure and thorough manner and clearly define liability for privacy breaches that occur during employment and after termination.
8. We appoint a Chief Privacy Officer (CPO) to protect your personal information.
① We designate a Chief Privacy Officer (CPO) who is responsible for all functions related to the processing of Personal Information and address privacy related complaints from Users and provide damage relief. See details below:
CPO
Name: Kwan Hee Hong
Phone number: 1600-9879
Email: helpseller@coupang.com
Department handling privacy complaints
Phone number: 1600-9879 / 1600-9827 (Coupang Eats Store)
② If you have any questions on, wish to file a complaint or need assistance on damage relief with regards to your privacy while using our service (or business), please contact our CPO or our Customer Service.
③ If you wish to report or consult on a privacy breach, contact:
▶ Korea Internet & Security Agency Personal Information Infringement Reporting Center: 118 (no area code required) / privacy.kisa.or.kr
▶ Cybercrime Investigation Team at the Supreme Prosecutors’ Office: 1301 (no area code required) / www.spo.go.kr
▶ Korean National Police Agency Cyber Bureau: 182 / www.cyber.go.kr
CPO
Name: Kwan Hee Hong
Phone number: 1600-9879
Email: helpseller@coupang.com
Department handling privacy complaints
- Coupang: Seller Call Center / 1600-9879
- Coupang Eats Store: Seller PMO / 1600-9827
Phone number: 1600-9879 / 1600-9827 (Coupang Eats Store)
② If you have any questions on, wish to file a complaint or need assistance on damage relief with regards to your privacy while using our service (or business), please contact our CPO or our Customer Service.
③ If you wish to report or consult on a privacy breach, contact:
▶ Korea Internet & Security Agency Personal Information Infringement Reporting Center: 118 (no area code required) / privacy.kisa.or.kr
▶ Cybercrime Investigation Team at the Supreme Prosecutors’ Office: 1301 (no area code required) / www.spo.go.kr
▶ Korean National Police Agency Cyber Bureau: 182 / www.cyber.go.kr
Privacy Notice version: 1.4
Effective date of the current Privacy Notice: September 21, 2022
Effective date of the current Privacy Notice: September 21, 2022
Privacy Notice for Sellers (Ver. 1.3)
Coupang Corp. (hereinafter “Coupang”) collects only the minimum necessary amount of information only when necessary.
We use the information we collect only to the extent that it was notified and do not use the information beyond such extent or disclose the information without your prior consent.
You are entitled to exercise all your rights related to the information we hold about you.
We will notify you of any changes we make on our Privacy Notice and post the updated Notice so that you can see the changes anytime.
This Notice describes our policies regarding how we process the personal information of our sellers
(including those who consult their potential businesses with us, hereinafter “User”)
which are consistent with applicable laws, specifically including the following privacy practices:
How Coupang protects the security of your Personal Information:
- Personal Information Collected and Used, Data Retention
- Third Party Disclosure of Personal Information
- Consignment of Personal Information
- Personal Information Deletion Procedure and Method
- User Rights and Exercising User Rights
- Automatic Collection of Personal Information and How to Object
- Personal Information Safeguards
- Chief Privacy Officer and Privacy Staff
1. Coupang collects and uses the following types of Personal Information in relation to the services you use and retains and uses the information for the specified period:
| Category | Purpose of collection and use | Type of Personal Information collected and used | Retention period |
|---|---|---|---|
| Mandatory |
Sign-up, user identification, To provide services to sellers (e.g. sending service notifications, handling inquiries and requests, sharing settlement details, delivering marketing messages, etc.), To issue open API keys, Detecting and preventing fraud and account abuse. |
User ID, password, email, name, mobile phone number | Until the termination of the Agreement |
| (Global Seller only) To perform due diligence on Seller. | Copies of passports of owner(s) and legal representatives of Sellers | ||
| Two-factor authentication | Mobile phone number, email | ||
| To create child accounts for Sellers | Pont of contact (person in charge, mobile phone number, email, user ID) | ||
|
To issue tax invoices To provide settlement services |
Settlement information (Account information, account holder’s name, a copy of bankbook) | ||
|
<if you use our Milkrun service> To use our services and provide settlement services |
ID, password | ||
|
<Coupang Seller Academy> To identify and communicate with participants To host the seminar |
Destroyed without delay upon the completion of the seminar | ||
|
<Consultation about onboarding to Coupang Travel> To identify and seamlessly communicate with clients |
Name, mobile phone number, email | Retained for 1 month since the end of consultation and destroyed without delay | |
|
<Signing up for Coupang Travel Wow Membership Promotion> To confirm and communicate with sellers who have signed up for the seasonal promotion |
Name, mobile phone number, email | Destroyed without delay when contract extension is denied | |
|
<Application for live streaming on Live Vendor> To receive applications for live streaming and notify application results |
Destroyed without delay upon notification of application result | ||
|
<Application for Coupang Live interview> To recruit and register participants, To provide guidelines for and conduct interviews about seller experience To provide rewards |
Name of the primary contact person, mobile phone number, email, Coupang ID | Destroyed without delay when the seller withdraws consent to be registered as interview participant | |
| <Registration to training for newly-onboarded Coupang Live sellers> | Name, email | Destroyed without delay upon the completion of the training | |
|
<Coupang Live Studio rental> To make reservations for Coupang Live Studio and provide guidelines on reservation |
Destroyed after being retained for 1 month from the date of application | ||
|
<Coupang Live Studio rental> To prevent and control the spread of communicable diseases |
Name, contact information | Destroyed after being retained for 4 weeks from the date of visit | |
|
<Consultation about ads products> To provide consulting services for Coupang ads products |
Mobile phone number | Destroyed without delay after being retained for 3 months from the date of application | |
|
<Transfer of business ownership to an individual instead of a company after closing the business> To process settlements due to business ownership transfer |
Certificate of Business Suspension/Close of Business, Certificate of Registered Seal, a copy of bankbook, a copy of an ID (name, resident registration number of driver’s license number), account number, address |
Retained and destroyed according to relevant laws, such as the Framework Act on National Taxes and the Act on the Consumer Protection in Electronic Commerce | |
| Fraud detection, provision of customized content and services based on the assumption of users’ interest, preference, and tendency | Service usage history, access log, cookies(each service), IP address, device information (OS, version) | Until the termination of the Agreement | |
| Optional | To manage address book/shipping information | Additional phone number | Until the termination of the Agreement |
| To send advertisement and event information messages | Mobile phone number, email | Destroyed without delay when the seller withdraws consent or upon the termination of the contract | |
| <Reporting of ethical issues> To ensure a smooth communicate with the reporter (e.g. result of processing the report) | Name, email, phone number | Destroyed immediately upon achieving the purpose |
- We may request you to provide documentation depending on the type of service you use.
2. Coupang may share your Personal Information with third parties to the extent of its intended purpose to provide services or to comply with our legal obligations.
We use the information we collect solely for the purposes for which you have given your consent and do not disclose or provide such information to any third party beyond the extent to which you have given your consent, except in the following circumstances:
- Data subject has consented
- Required by law or determined to be in good faith (e.g. request from investigative or law enforcement authorities made through a legitimate procedure in accordance with applicable laws)
- Domestic
| Party receiving the transfer (Information Manager’s contact information | Type of information transferred | Purpose | Retention and processing period |
|---|---|---|---|
|
Coupang Pay Corp |
(Private business operators only) Name, phone number, address, email, bank name, account number | Purpose of compliance with anti-money laundering regulations, such as customer confirmation and suspicious transaction reporting, etc. under the Act on the Reporting and Use of Specific Financial Transaction Information | Destruction five years after the end of the financial transaction |
- Overseas
| Party receiving the transfer (Information Manager’s contact information | Country | Time and method of transfer | Type of information transferred | Purpose | Retention and processing period |
|---|---|---|---|---|---|
|
Forter Pte Ltd. (privacy@forter.com) |
Singapore | Tranferred over the network from time to time. |
• Seller name, Seller ID, transaction history. • Information relating to your use of our systems including login, authentication, and activity/ navigation data. • Information about the device from which you access our systems |
Create and improve databases to provide fraud and policy non-compliance detection services. | Duration of service delivery |
3. Coupang consigns the processing of personal information to make available to you the following services and to make the following business processes effective:
We consign the information you provide to service providers to improve our services.
① Consignment of Personal Information within Korea:
② Consignment of Personal Information outside of Korea
Coupang entrusts IT development and operation of our services to our affiliates (Coupang Global, LLC, Coupang (Shanghai) Co., Ltd., and Coupang (Beijing) Co., Ltd.).
These affiliates comply with “7. Personal Information Safeguards”and Coupang’s security and privacy policies when carrying out their consigned services.
① Consignment of Personal Information within Korea:
| Consignee | Consigned functions |
|---|---|
| Coupang Pay Corp. | Provides settlement services and issues tax invoices |
| Coupang Eats Services Ltd. | Consultation for Coupang Eats Store |
| KSJOB, UBASE | Provide assistance and consulting on seller registration, manage sellers |
| Carrier (Daesung, KLP, JOIL, Hanbaek, KCTC, Eugene Logistics, Sebang, Dongwon LOEX, Dongbang) | Manage delivery for Milkrun pickup services |
| Amazon Web Services Inc. | Stores data, sends text messages and emails |
| Microsoft | E-mail, document/file storage and internal communication and collaboration tools |
| NHN Corp., Kakao Corp. | Send text messages and emails |
| GS Neotek | Maintains Genesys and Zendesk systems |
| UNIPOST | Issues tax invoices |
| LG U Plus | Sends text messages (SMS/LMS) |
| Salesforce | Manages sales data |
| YKAD | Sales agency for Coupang Eats |
| Shinsegae Media | Sales agency for Coupang Eats |
| Unity Whole System | Sales agency for Coupang Eats |
| APG | Sales agency for Coupang Eats |
| CSJ | Sales agency for Coupang Eats |
| Pinter | Sales agency for Coupang Eats |
| KICC | Sales and management agency for Coupang Eats |
| Studio Kwag | Food photography for Coupang Eats |
| Studio Zero | Food photography for Coupang Eats |
| UKMEDIA | Food photography for Coupang Eats |
| H13D Studio | Food photography for Coupang Eats |
| MH Studio | Food photography for Coupang Eats |
② Consignment of Personal Information outside of Korea
Coupang entrusts IT development and operation of our services to our affiliates (Coupang Global, LLC, Coupang (Shanghai) Co., Ltd., and Coupang (Beijing) Co., Ltd.).
These affiliates comply with “7. Personal Information Safeguards”and Coupang’s security and privacy policies when carrying out their consigned services.
| Party receiving the transfer (Information Manager’s contact information) | Country | Time and method of transfer | Type of information transferred | Purpose | Retention and processing period |
|---|---|---|---|---|---|
|
Coupang Global, LLC (helpseller@coupang.com) |
USA | Transmitted through a secure network when personal information is required for business purposes | Personal information collected and used while using Coupang Eats services (sign-up, CS, payment) | Coupang service operation, research and development, fraud monitoring and detection | Until termination of consignment contract |
| Coupang (Shanghai) Co., Ltd. 韩领网络科技(上 海)有限公司 (helpseller@coupang.com) |
China | ||||
| Coupang (Beijing) Co., Ltd. 韩领网络科技(北 京)有限公司 (helpseller@coupang.com) |
China | ||||
| Salesforce (privacymark@salesforce.com) |
USA, Japan | Seller’s name, email, contact information | Using the system for seller management | ||
| Zendesk (support@zendesk.com) |
Japan | Name, email, phone number, membership number | Using CS management system to operate customer center | ||
| Genesys (GSN:yakida96@gsnict.com) |
Japan | Call recording, inbound phone number | Using call system to operate customer center | ||
| Zoom (privacy@zoom.us) |
USA | Name, email | Receiving applications for Live seller webinar | ||
| (Global Seller only) Forter Pte Ltd. (privacy@forter.com) |
Singapore |
• Seller name, Seller ID, transaction history. • Information relating to your use of our systems including login, authentication, and activity/ navigation data. • Information about the device from which you access our systems. |
Create and improve databases to provide fraud and policy non-compliance detection services. | ||
| Qualtrics, LLC (privacy@qualtrics.com) |
Australia | If PI is required for business purposes, it should be sent via a secure network | Personal information collected and used in the process of applying for and participating in Coupang research (interview and survey) | Managing Coupang research (interview and survey) panel, conducting research and analyzing results | Until the consignment agreement is terminated |
4. In principle, Coupang will delete your Personal Information immediately whenever the purpose for which the information was retained is fulfilled. Personal Information is deleted according to the following procedure, time limit and manner:
① Procedure and time limit
Any Personal Information no longer necessary for the purpose of which we originally collected and used will be kept safely in a separate database in accordance with the applicable laws and company policies and will be deleted without delay once the pre-defined retention period expires. In such case, Personal Information stored in a separate database will not be used for purposes other than the purpose for which you have given your consent or required by applicable law
② Deletion method
- Electronic files containing Personal Information will be deleted using a technical method that makes such information irrecoverable.
- Paper records containing Personal Information will be destroyed using methods such as incineration or shredding with a paper shredder.
③ We may further process any Personal Information required by law to be kept for a certain amount of time.
[Where required by law]
[Where required by company policies]
- If an Agreement with a seller with any past transactions (including product listings and sales) the seller has made using our services is terminated, we hold the minimum required amount of information including ID, name or company name, contact details, delivery address and bank account information for remittances for one year after the termination to provide the information to the parties to the transaction and to prevent arbitrary termination of the Agreement to knowingly bypass the restriction specified in this Notice
Any Personal Information no longer necessary for the purpose of which we originally collected and used will be kept safely in a separate database in accordance with the applicable laws and company policies and will be deleted without delay once the pre-defined retention period expires. In such case, Personal Information stored in a separate database will not be used for purposes other than the purpose for which you have given your consent or required by applicable law
② Deletion method
- Electronic files containing Personal Information will be deleted using a technical method that makes such information irrecoverable.
- Paper records containing Personal Information will be destroyed using methods such as incineration or shredding with a paper shredder.
③ We may further process any Personal Information required by law to be kept for a certain amount of time.
[Where required by law]
| Applicable law | Purpose | Information stored | Retention period |
|---|---|---|---|
| Act on the Consumer Protection in Electronic Commerce Article 6 | To maintain consumer complaints or dispute records | Consumer identifiable information, dispute resolution record | 3 years |
| To maintain settlement and supply of goods records | Consumer identifiable information, record on payment, supply of goods, contract and contract termination | 5 years | |
| Records on contract or contract termination | |||
| Records on labeling and advertisement | Records on labeling and advertisement | 6 months | |
| Framework Act on National Taxes Article 85-3, Article 26-2 | To calculate national tax exclusion period | Evidence of all transactions for national tax | 10 years |
| To calculate the length of period for national tax collection | Documents for taxable base and tax declaration | 5 years | |
| Value-Added Tax Act Article 32 | Ledgers, tax invoices, import tax invoices, receipts, etc. | Documents for taxable base and tax declaration for value added tax | 5 years |
| Electronic Financial Transactions Act Article 22 | To confirm electronic financial transaction records | Records on Electronic Financial Transactions | 5 years |
| Protection of Communications Secrets Act Article 15-2 | Complying with disclosure requests from investigation agencies with a warrant | Website, application and other system access log | 3 months |
- If an Agreement with a seller with any past transactions (including product listings and sales) the seller has made using our services is terminated, we hold the minimum required amount of information including ID, name or company name, contact details, delivery address and bank account information for remittances for one year after the termination to provide the information to the parties to the transaction and to prevent arbitrary termination of the Agreement to knowingly bypass the restriction specified in this Notice
5. You as a user of Coupang services and as a data subject are entitled to exercise the following rights:
You or your legal representative can, at any time, access or modify your information or request deletion or suspension of processing your information that we hold.
If you wish to access, delete or request suspension of processing your information, please contact our privacy staff by phone.
We will make sure that your request is processed without delay.
You may only request processing (e.g. access to, deletion or suspend processing) of personal information if you are the data subject whose information we process in accordance with this Notice.
Any attempt to obtain Personal Information by deception or invade the privacy of others may lead to civil and criminal penalties.
Furthermore, it may be difficult to fulfill requests from customers to delete or stop the processing of their personal data, or withdraw the consent if any of the following is true:
• There are special provisions under the law, or it is absolutely necessary to fulfill an obligation under the law
• There is a possibility of incurring damage to life, body, property and other interests of a third party.
If you wish to access, delete or request suspension of processing your information, please contact our privacy staff by phone.
We will make sure that your request is processed without delay.
You may only request processing (e.g. access to, deletion or suspend processing) of personal information if you are the data subject whose information we process in accordance with this Notice.
Any attempt to obtain Personal Information by deception or invade the privacy of others may lead to civil and criminal penalties.
Furthermore, it may be difficult to fulfill requests from customers to delete or stop the processing of their personal data, or withdraw the consent if any of the following is true:
• There are special provisions under the law, or it is absolutely necessary to fulfill an obligation under the law
• There is a possibility of incurring damage to life, body, property and other interests of a third party.
6. How cookies are installed and used and how to reject cookies.
Coupang does not collect and store the data automatically generated while using our services (cookies).
7. Personal Information Safeguards
Coupang maintains technical, managerial and physical safeguards necessary to ensure the security of your Personal Information so that Personal Information may not be lost, stolen, leaked, altered or damaged.
① Internal privacy management plan
The Company maintains an internal privacy management plan to ensure the security of our Personal Information processing activities and performs information security audits to ensure that Personal Information safeguards are in place and any weaknesses identified are remediated immediately.
② Access control
The Company uses security solutions such as intrusion prevention system to protect against unauthorized access from the external network and works to protect the security of all other systems by adopting all possible technical measures.
③ Measures to prevent access log tampering and alterations
The Company stores and maintains access logs for personal information processing systems and employ measures to prevent tampering or alterations of the logs.
④ Personal Information encryption
The Company encrypts your Personal Information during transmission using encrypted network protocols as well as any critical data that we store such as passwords.
⑤ Anti-hacking measures
The Company operates 24-hour security monitoring using systems that can detect and stop intrusion attempts from hackers or other malicious actors and use anti-virus software to prevent damages from computer virus infections.
We regularly update our anti-virus software to ensure that we immediately react to new virus threats with the latest software and prevent privacy breaches.
We also constantly strive to keep up with new emerging hacking techniques and security technologies and apply them to our services.
⑥ Personal Information handled by minimum necessary staff and training
The Company restricts access to User’s Personal Information to the necessary staff who need to handle Personal Information for performing specific job functions.
We provide regular training on privacy obligations and security and run campaign programs for all staff who process Personal Information.
We also require our staff to sign non-disclosure agreements before joining to prevent human error-caused privacy breaches and maintain internal procedures for audits to ensure that our privacy policies are enforced and our staff comply with such policies.
We make sure that any staff handling Personal Information are handed over with the role in a secure and thorough manner and clearly define liability for privacy breaches that occur during employment and after termination.
① Internal privacy management plan
The Company maintains an internal privacy management plan to ensure the security of our Personal Information processing activities and performs information security audits to ensure that Personal Information safeguards are in place and any weaknesses identified are remediated immediately.
② Access control
The Company uses security solutions such as intrusion prevention system to protect against unauthorized access from the external network and works to protect the security of all other systems by adopting all possible technical measures.
③ Measures to prevent access log tampering and alterations
The Company stores and maintains access logs for personal information processing systems and employ measures to prevent tampering or alterations of the logs.
④ Personal Information encryption
The Company encrypts your Personal Information during transmission using encrypted network protocols as well as any critical data that we store such as passwords.
⑤ Anti-hacking measures
The Company operates 24-hour security monitoring using systems that can detect and stop intrusion attempts from hackers or other malicious actors and use anti-virus software to prevent damages from computer virus infections.
We regularly update our anti-virus software to ensure that we immediately react to new virus threats with the latest software and prevent privacy breaches.
We also constantly strive to keep up with new emerging hacking techniques and security technologies and apply them to our services.
⑥ Personal Information handled by minimum necessary staff and training
The Company restricts access to User’s Personal Information to the necessary staff who need to handle Personal Information for performing specific job functions.
We provide regular training on privacy obligations and security and run campaign programs for all staff who process Personal Information.
We also require our staff to sign non-disclosure agreements before joining to prevent human error-caused privacy breaches and maintain internal procedures for audits to ensure that our privacy policies are enforced and our staff comply with such policies.
We make sure that any staff handling Personal Information are handed over with the role in a secure and thorough manner and clearly define liability for privacy breaches that occur during employment and after termination.
8. We appoint a Chief Privacy Officer (CPO) to protect your personal information.
① We designate a Chief Privacy Officer (CPO) who is responsible for all functions related to the processing of Personal Information and address privacy related complaints from Users and provide damage relief. See details below:
CPO
Name: Kwan Hee Hong
Phone number: 1600-9879
Email: helpseller@coupang.com
Department handling privacy complaints
Phone number: 1600-9879 / 1600-9827 (Coupang Eats Store)
② If you have any questions on, wish to file a complaint or need assistance on damage relief with regards to your privacy while using our service (or business), please contact our CPO or our Customer Service.
③ If you wish to report or consult on a privacy breach, contact:
▶ Korea Internet & Security Agency Personal Information Infringement Reporting Center: 118 (no area code required) / privacy.kisa.or.kr
▶ Cybercrime Investigation Team at the Supreme Prosecutors’ Office: 1301 (no area code required) / www.spo.go.kr
▶ Korean National Police Agency Cyber Bureau: 182 / www.cyber.go.kr
CPO
Name: Kwan Hee Hong
Phone number: 1600-9879
Email: helpseller@coupang.com
Department handling privacy complaints
- Coupang: Seller Call Center / 1600-9879
- Coupang Eats Store: Seller PMO / 1600-9827
Phone number: 1600-9879 / 1600-9827 (Coupang Eats Store)
② If you have any questions on, wish to file a complaint or need assistance on damage relief with regards to your privacy while using our service (or business), please contact our CPO or our Customer Service.
③ If you wish to report or consult on a privacy breach, contact:
▶ Korea Internet & Security Agency Personal Information Infringement Reporting Center: 118 (no area code required) / privacy.kisa.or.kr
▶ Cybercrime Investigation Team at the Supreme Prosecutors’ Office: 1301 (no area code required) / www.spo.go.kr
▶ Korean National Police Agency Cyber Bureau: 182 / www.cyber.go.kr
Privacy Notice version: 1.3
Effective date of the current Privacy Notice: July 22, 2022
Effective date of the current Privacy Notice: July 22, 2022
Privacy Notice for Sellers (Ver. 1.2)
Coupang Corp. (hereinafter “Coupang”) collects only the minimum necessary amount of information only when necessary.
We use the information we collect only to the extent that it was notified and do not use the information beyond such extent or disclose the information without your prior consent.
You are entitled to exercise all your rights related to the information we hold about you.
We will notify you of any changes we make on our Privacy Notice and post the updated Notice so that you can see the changes anytime.
This Notice describes our policies regarding how we process the personal information of our sellers
(including those who consult their potential businesses with us, hereinafter “User”)
which are consistent with applicable laws, specifically including the following privacy practices:
How Coupang protects the security of your Personal Information:
- Personal Information Collected and Used, Data Retention
- Third Party Disclosure of Personal Information
- Consignment of Personal Information
- Personal Information Deletion Procedure and Method
- User Rights and Exercising User Rights
- Automatic Collection of Personal Information and How to Object
- Personal Information Safeguards
- Chief Privacy Officer and Privacy Staff
- Notification Obligation
1. Coupang collects and uses the following types of Personal Information in relation to the services you use and retains and uses the information for the specified period:
| Category | Purpose of collection and use | Type of Personal Information collected and used | Retention period |
|---|---|---|---|
| Mandatory |
Sign-up, user identification, To provide services to sellers (e.g. sending service notifications, handling inquiries and requests, sharing settlement details, delivering marketing messages, etc.), To issue open API keys, Detecting and preventing fraud and account abuse. |
User ID, password, email, name, mobile phone number | Until the termination of the Agreement |
| (Global Seller only) To perform due diligence on Seller. | Copies of passports of owner(s) and legal representatives of Sellers | ||
| Two-factor authentication | Mobile phone number, email | ||
| To create child accounts for Sellers | Pont of contact (person in charge, mobile phone number, email, user ID) | ||
|
To issue tax invoices To provide settlement services |
Settlement information (Account information, account holder’s name, a copy of bankbook) | ||
|
<if you use our Milkrun service> To use our services and provide settlement services |
ID, password | ||
|
<Coupang Seller Academy> To identify and communicate with participants To host the seminar |
Destroyed without delay upon the completion of the seminar | ||
|
<Consultation about onboarding to Coupang Travel> To identify and seamlessly communicate with clients |
Name, mobile phone number, email | Retained for 1 month since the end of consultation and destroyed without delay | |
|
<Signing up for Coupang Travel Wow Membership Promotion> To confirm and communicate with sellers who have signed up for the seasonal promotion |
Name, mobile phone number, email | Destroyed without delay when contract extension is denied | |
|
<Application for live streaming on Live Vendor> To receive applications for live streaming and notify application results |
Destroyed without delay upon notification of application result | ||
|
<Application for Coupang Live interview> To recruit and register participants, To provide guidelines for and conduct interviews about seller experience To provide rewards |
Name of the primary contact person, mobile phone number, email, Coupang ID | Destroyed without delay when the seller withdraws consent to be registered as interview participant | |
| <Registration to training for newly-onboarded Coupang Live sellers> | Name, email | Destroyed without delay upon the completion of the training | |
|
<Coupang Live Studio rental> To make reservations for Coupang Live Studio and provide guidelines on reservation |
Destroyed after being retained for 1 month from the date of application | ||
|
<Coupang Live Studio rental> To prevent and control the spread of communicable diseases |
Name, contact information | Destroyed after being retained for 4 weeks from the date of visit | |
|
<Consultation about ads products> To provide consulting services for Coupang ads products |
Mobile phone number | Destroyed without delay after being retained for 3 months from the date of application | |
|
<Transfer of business ownership to an individual instead of a company after closing the business> To process settlements due to business ownership transfer |
Certificate of Business Suspension/Close of Business, Certificate of Registered Seal, a copy of bankbook, a copy of an ID (name, resident registration number of driver’s license number), account number, address |
Retained and destroyed according to relevant laws, such as the Framework Act on National Taxes and the Act on the Consumer Protection in Electronic Commerce | |
| Fraud detection, provision of customized content and services based on the assumption of users’ interest, preference, and tendency | Service usage history, access log, cookies(each service), IP address, device information (OS, version) | Until the termination of the Agreement | |
| Optional | To manage address book/shipping information | Additional phone number | Until the termination of the Agreement |
| To send advertisement and event information messages | Mobile phone number, email | Destroyed without delay when the seller withdraws consent or upon the termination of the contract | |
| <Reporting of ethical issues> To ensure a smooth communicate with the reporter (e.g. result of processing the report) | Name, email, phone number | Destroyed immediately upon achieving the purpose |
- We may request you to provide documentation depending on the type of service you use.
2. Coupang may share your Personal Information with third parties to the extent of its intended purpose to provide services or to comply with our legal obligations.
We use the information we collect solely for the purposes for which you have given your consent and do not disclose or provide such information to any third party beyond the extent to which you have given your consent, except in the following circumstances:
- Data subject has consented
- Required by law or determined to be in good faith (e.g. request from investigative or law enforcement authorities made through a legitimate procedure in accordance with applicable laws)
| Party receiving the transfer (Information Manager’s contact information | Country | Time and method of transfer | Type of information transferred | Purpose | Retention and processing period |
|---|---|---|---|---|---|
|
Forter Pte Ltd. (privacy@forter.com) |
Singapore | Tranferred over the network from time to time. |
• Seller name, Seller ID, transaction history. • Information relating to your use of our systems including login, authentication, and activity/ navigation data. • Information about the device from which you access our systems |
Create and improve databases to provide fraud and policy non-compliance detection services. | Duration of service delivery |
3. Coupang consigns the processing of personal information to make available to you the following services and to make the following business processes effective:
We consign the information you provide to service providers to improve our services.
① Consignment of Personal Information within Korea:
② Consignment of Personal Information outside of Korea
Coupang entrusts IT development and operation of our services to our affiliates (Coupang Global, LLC, Coupang (Shanghai) Co., Ltd., and Coupang (Beijing) Co., Ltd.).
These affiliates comply with “7. Personal Information Safeguards”and Coupang’s security and privacy policies when carrying out their consigned services.
① Consignment of Personal Information within Korea:
| Consignee | Consigned functions |
|---|---|
| Coupang Pay | Provides settlement services and issues tax invoices |
| KSJOB, UBASE | Provide assistance and consulting on seller registration, manage sellers |
| Carrier (Daesung, KLP, JOIL, Hanbaek, KCTC, Eugene Logistics, Sebang, Dongwon LOEX, Dongbang) | Manage delivery for Milkrun pickup services |
| Amazon Web Services Inc. | Stores data, sends text messages and emails |
| Microsoft | E-mail, document/file storage and internal communication and collaboration tools |
| NHN Corp., Kakao Corp. | Send text messages and emails |
| GS Neotek | Maintains Genesys and Zendesk systems |
| UNIPOST | Issues tax invoices |
| LG U Plus | Sends text messages (SMS/LMS) |
| Salesforce | Manages sales data |
| YKAD | Sales agency for Coupang Eats |
| Shinsegae Media | Sales agency for Coupang Eats |
| Unity Whole System | Sales agency for Coupang Eats |
| APG | Sales agency for Coupang Eats |
| CSJ | Sales agency for Coupang Eats |
| Pinter | Sales agency for Coupang Eats |
| KICC | Sales and management agency for Coupang Eats |
| Studio Kwag | Food photography for Coupang Eats |
| Studio Zero | Food photography for Coupang Eats |
| UKMEDIA | Food photography for Coupang Eats |
| H13D Studio | Food photography for Coupang Eats |
| MH Studio | Food photography for Coupang Eats |
② Consignment of Personal Information outside of Korea
Coupang entrusts IT development and operation of our services to our affiliates (Coupang Global, LLC, Coupang (Shanghai) Co., Ltd., and Coupang (Beijing) Co., Ltd.).
These affiliates comply with “7. Personal Information Safeguards”and Coupang’s security and privacy policies when carrying out their consigned services.
| Party receiving the transfer (Information Manager’s contact information) | Country | Time and method of transfer | Type of information transferred | Purpose | Retention and processing period |
|---|---|---|---|---|---|
|
Coupang Global, LLC (helpseller@coupang.com) |
USA | Transmitted through a secure network when personal information is required for business purposes | Personal information collected and used while using Coupang Eats services (sign-up, CS, payment) | Coupang service operation, research and development, fraud monitoring and detection | Until termination of consignment contract |
| Coupang (Shanghai) Co., Ltd. 韩领网络科技(上 海)有限公司 (helpseller@coupang.com) |
China | ||||
| Coupang (Beijing) Co., Ltd. 韩领网络科技(北 京)有限公司 (helpseller@coupang.com) |
China | ||||
| Salesforce (privacymark@salesforce.com) |
USA, Japan | Seller’s name, email, contact information | Using the system for seller management | ||
| Zendesk (support@zendesk.com) |
Japan | Name, email, phone number, membership number | Using CS management system to operate customer center | ||
| Genesys (GSN:yakida96@gsnict.com) |
Japan | Call recording, inbound phone number | Using call system to operate customer center | ||
| Zoom (privacy@zoom.us) |
USA | Name, email | Receiving applications for Live seller webinar | ||
| (Global Seller only) Forter Pte Ltd. (privacy@forter.com) |
Singapore |
• Seller name, Seller ID, transaction history. • Information relating to your use of our systems including login, authentication, and activity/ navigation data. • Information about the device from which you access our systems. |
Create and improve databases to provide fraud and policy non-compliance detection services. |
4. In principle, Coupang will delete your Personal Information immediately whenever the purpose for which the information was retained is fulfilled. Personal Information is deleted according to the following procedure, time limit and manner:
① Procedure and time limit
Any Personal Information no longer necessary for the purpose of which we originally collected and used will be kept safely in a separate database in accordance with the applicable laws and company policies and will be deleted without delay once the pre-defined retention period expires. In such case, Personal Information stored in a separate database will not be used for purposes other than the purpose for which you have given your consent or required by applicable law
② Deletion method
- Electronic files containing Personal Information will be deleted using a technical method that makes such information irrecoverable.
- Paper records containing Personal Information will be destroyed using methods such as incineration or shredding with a paper shredder.
③ We may further process any Personal Information required by law to be kept for a certain amount of time.
[Where required by law]
[Where required by company policies]
- If an Agreement with a seller with any past transactions (including product listings and sales) the seller has made using our services is terminated, we hold the minimum required amount of information including ID, name or company name, contact details, delivery address and bank account information for remittances for one year after the termination to provide the information to the parties to the transaction and to prevent arbitrary termination of the Agreement to knowingly bypass the restriction specified in this Notice
Any Personal Information no longer necessary for the purpose of which we originally collected and used will be kept safely in a separate database in accordance with the applicable laws and company policies and will be deleted without delay once the pre-defined retention period expires. In such case, Personal Information stored in a separate database will not be used for purposes other than the purpose for which you have given your consent or required by applicable law
② Deletion method
- Electronic files containing Personal Information will be deleted using a technical method that makes such information irrecoverable.
- Paper records containing Personal Information will be destroyed using methods such as incineration or shredding with a paper shredder.
③ We may further process any Personal Information required by law to be kept for a certain amount of time.
[Where required by law]
| Applicable law | Purpose | Information stored | Retention period |
|---|---|---|---|
| Act on the Consumer Protection in Electronic Commerce Article 6 | To maintain consumer complaints or dispute records | Consumer identifiable information, dispute resolution record | 3 years |
| To maintain settlement and supply of goods records | Consumer identifiable information, record on payment, supply of goods, contract and contract termination | 5 years | |
| Records on contract or contract termination | |||
| Records on labeling and advertisement | Records on labeling and advertisement | 6 months | |
| Framework Act on National Taxes Article 85-3, Article 26-2 | To calculate national tax exclusion period | Evidence of all transactions for national tax | 10 years |
| To calculate the length of period for national tax collection | Documents for taxable base and tax declaration | 5 years | |
| Value-Added Tax Act Article 32 | Ledgers, tax invoices, import tax invoices, receipts, etc. | Documents for taxable base and tax declaration for value added tax | 5 years |
| Electronic Financial Transactions Act Article 22 | To confirm electronic financial transaction records | Records on Electronic Financial Transactions | 5 years |
| Protection of Communications Secrets Act Article 15-2 | Complying with disclosure requests from investigation agencies with a warrant | Website, application and other system access log | 3 months |
- If an Agreement with a seller with any past transactions (including product listings and sales) the seller has made using our services is terminated, we hold the minimum required amount of information including ID, name or company name, contact details, delivery address and bank account information for remittances for one year after the termination to provide the information to the parties to the transaction and to prevent arbitrary termination of the Agreement to knowingly bypass the restriction specified in this Notice
5. You as a user of Coupang services and as a data subject are entitled to exercise the following rights:
You or your legal representative can, at any time, access or modify your information or request deletion or suspension of processing your information that we hold.
If you wish to access, delete or request suspension of processing your information, please contact our privacy staff by phone.
We will make sure that your request is processed without delay.
You may only request processing (e.g. access to, deletion or suspend processing) of personal information if you are the data subject whose information we process in accordance with this Notice.
Any attempt to obtain Personal Information by deception or invade the privacy of others may lead to civil and criminal penalties.
Furthermore, it may be difficult to fulfill requests from customers to delete or stop the processing of their personal data, or withdraw the consent if any of the following is true:
• There are special provisions under the law, or it is absolutely necessary to fulfill an obligation under the law
• There is a possibility of incurring damage to life, body, property and other interests of a third party.
If you wish to access, delete or request suspension of processing your information, please contact our privacy staff by phone.
We will make sure that your request is processed without delay.
You may only request processing (e.g. access to, deletion or suspend processing) of personal information if you are the data subject whose information we process in accordance with this Notice.
Any attempt to obtain Personal Information by deception or invade the privacy of others may lead to civil and criminal penalties.
Furthermore, it may be difficult to fulfill requests from customers to delete or stop the processing of their personal data, or withdraw the consent if any of the following is true:
• There are special provisions under the law, or it is absolutely necessary to fulfill an obligation under the law
• There is a possibility of incurring damage to life, body, property and other interests of a third party.
6. How cookies are installed and used and how to reject cookies.
Coupang does not collect and store the data automatically generated while using our services (cookies).
7. Personal Information Safeguards
Coupang maintains technical, managerial and physical safeguards necessary to ensure the security of your Personal Information so that Personal Information may not be lost, stolen, leaked, altered or damaged.
① Internal privacy management plan
The Company maintains an internal privacy management plan to ensure the security of our Personal Information processing activities and performs information security audits to ensure that Personal Information safeguards are in place and any weaknesses identified are remediated immediately.
② Access control
The Company uses security solutions such as intrusion prevention system to protect against unauthorized access from the external network and works to protect the security of all other systems by adopting all possible technical measures.
③ Measures to prevent access log tampering and alterations
The Company stores and maintains access logs for personal information processing systems and employ measures to prevent tampering or alterations of the logs.
④ Personal Information encryption
The Company encrypts your Personal Information during transmission using encrypted network protocols as well as any critical data that we store such as passwords.
⑤ Anti-hacking measures
The Company operates 24-hour security monitoring using systems that can detect and stop intrusion attempts from hackers or other malicious actors and use anti-virus software to prevent damages from computer virus infections.
We regularly update our anti-virus software to ensure that we immediately react to new virus threats with the latest software and prevent privacy breaches.
We also constantly strive to keep up with new emerging hacking techniques and security technologies and apply them to our services.
⑥ Personal Information handled by minimum necessary staff and training
The Company restricts access to User’s Personal Information to the necessary staff who need to handle Personal Information for performing specific job functions.
We provide regular training on privacy obligations and security and run campaign programs for all staff who process Personal Information.
We also require our staff to sign non-disclosure agreements before joining to prevent human error-caused privacy breaches and maintain internal procedures for audits to ensure that our privacy policies are enforced and our staff comply with such policies.
We make sure that any staff handling Personal Information are handed over with the role in a secure and thorough manner and clearly define liability for privacy breaches that occur during employment and after termination.
① Internal privacy management plan
The Company maintains an internal privacy management plan to ensure the security of our Personal Information processing activities and performs information security audits to ensure that Personal Information safeguards are in place and any weaknesses identified are remediated immediately.
② Access control
The Company uses security solutions such as intrusion prevention system to protect against unauthorized access from the external network and works to protect the security of all other systems by adopting all possible technical measures.
③ Measures to prevent access log tampering and alterations
The Company stores and maintains access logs for personal information processing systems and employ measures to prevent tampering or alterations of the logs.
④ Personal Information encryption
The Company encrypts your Personal Information during transmission using encrypted network protocols as well as any critical data that we store such as passwords.
⑤ Anti-hacking measures
The Company operates 24-hour security monitoring using systems that can detect and stop intrusion attempts from hackers or other malicious actors and use anti-virus software to prevent damages from computer virus infections.
We regularly update our anti-virus software to ensure that we immediately react to new virus threats with the latest software and prevent privacy breaches.
We also constantly strive to keep up with new emerging hacking techniques and security technologies and apply them to our services.
⑥ Personal Information handled by minimum necessary staff and training
The Company restricts access to User’s Personal Information to the necessary staff who need to handle Personal Information for performing specific job functions.
We provide regular training on privacy obligations and security and run campaign programs for all staff who process Personal Information.
We also require our staff to sign non-disclosure agreements before joining to prevent human error-caused privacy breaches and maintain internal procedures for audits to ensure that our privacy policies are enforced and our staff comply with such policies.
We make sure that any staff handling Personal Information are handed over with the role in a secure and thorough manner and clearly define liability for privacy breaches that occur during employment and after termination.
8. We appoint a Chief Privacy Officer (CPO) to protect your personal information.
① We designate a Chief Privacy Officer (CPO) who is responsible for all functions related to the processing of Personal Information and address privacy related complaints from Users and provide damage relief. See details below:
CPO
Name: Kwan Hee Hong
Phone number: 1600-9879
Email: helpseller@coupang.com
Department handling privacy complaints
Department: Seller Call Center, Seller PMO (Coupang Eats Store)
Phone number: 1600-9879 / 1600-9827 (Coupang Eats Store)
② If you have any questions on, wish to file a complaint or need assistance on damage relief with regards to your privacy while using our service (or business), please contact our CPO or our Customer Service.
③ If you wish to report or consult on a privacy breach, contact:
▶ Korea Internet & Security Agency Personal Information Infringement Reporting Center: 118 (no area code required) / privacy.kisa.or.kr
▶ Cybercrime Investigation Team at the Supreme Prosecutors’ Office: 1301 (no area code required) / www.spo.go.kr
▶ Korean National Police Agency Cyber Bureau: 182 / www.cyber.go.kr
CPO
Name: Kwan Hee Hong
Phone number: 1600-9879
Email: helpseller@coupang.com
Department handling privacy complaints
Department: Seller Call Center, Seller PMO (Coupang Eats Store)
Phone number: 1600-9879 / 1600-9827 (Coupang Eats Store)
② If you have any questions on, wish to file a complaint or need assistance on damage relief with regards to your privacy while using our service (or business), please contact our CPO or our Customer Service.
③ If you wish to report or consult on a privacy breach, contact:
▶ Korea Internet & Security Agency Personal Information Infringement Reporting Center: 118 (no area code required) / privacy.kisa.or.kr
▶ Cybercrime Investigation Team at the Supreme Prosecutors’ Office: 1301 (no area code required) / www.spo.go.kr
▶ Korean National Police Agency Cyber Bureau: 182 / www.cyber.go.kr
9. Our policy on changes to this Privacy Notice:
This Notice will be applicable from the date of its effective date. When we add, remove or correct any part of this Notice as a result of an updated law or our policies, we will provide you notice seven days prior to the effective date of any such change.
Any substantive changes to the rights of our Users including the collection and use of personal information and third-party disclosure will be notified to you at least 14 days prior.
Any updates to the Notice to reflect any changing legal requirements or our policies will be promptly made available to you on our website.
Privacy Notice version: 1.2
Publication date of the current Privacy Notice: March 9, 2022
Effective date of the current Privacy Notice: March 23, 2022
Any substantive changes to the rights of our Users including the collection and use of personal information and third-party disclosure will be notified to you at least 14 days prior.
Any updates to the Notice to reflect any changing legal requirements or our policies will be promptly made available to you on our website.
Privacy Notice version: 1.2
Publication date of the current Privacy Notice: March 9, 2022
Effective date of the current Privacy Notice: March 23, 2022
Privacy Notice for Global Marketplace Community Members and Sellers ver1.1
This Notice describes how Coupang Corp. (“Coupang”, “Us”, “We” or “Our”) collects, processes and transfers Personal Information collected from Marketplace Community Members and Sellers (“You”, “Your”) and includes the following sections:
- Collection, Processing and Retention
- Disclosure to Third Parties
- Consignment
- Disclosure to Government Authorities
- Retention and Deletion
- Data Subject Rights
- Automatic Collection of Personal Information
- Personal Information Safeguards
- Chief Privacy Officer and Staff Responsible for Privacy Inquiries
- Notification Obligation
1. Collection, Processing and Retention:
Our collection, processing and retention of Personal Information is as follows:
• If you choose to become a Marketplace Community Member (“Member”), We will collect, process and retain additional Personal Information as follows:
• If you choose to become a Seller, We will collect, process and retain additional Personal Information as follows:
• If you choose to become a Marketplace Community Member (“Member”), We will collect, process and retain additional Personal Information as follows:
| Personal Information collected | Purpose of collection and use | Retention period |
|---|---|---|
| Name, phone number (land line and mobile), and e-mail address of primary contact person of the Member. | To provide the Member with information on new products and services and to support the Member with Seller registration (if applicable). | Until the termination of membership or such longer period as required to fulfill Our legal obligations and/or internal policy requirements. |
| Personal Information collected | Purpose of collection and use | Retention period |
|---|---|---|
| Copies of passports of owner(s) and legal representatives of Sellers. | To perform due diligence on Seller. | Until the termination of Seller status or such longer period as required to fulfill Our legal obligations and/or internal policy requirements |
|
|
|
|
To perform credibility assessment including fraud and policy non-compliance detection. | |
| Settlement information (name of bank account holder, account number, copy of account passbook.) | To provide settlement services and issue tax invoices. | |
| Inform of Coupang Live application and result | email address | Deleted without delay after notification |
2. Disclosure to Third Parties:
We may disclose your Personal Information to the following third parties.
a) Provision of Personal Information outside of South Korea:
*For more information, refer to: https://www.forter.com/service-privacy-policy/ or contact privacy@forter.com
a) Provision of Personal Information outside of South Korea:
| Recipient/country | Time and method of provision | Purpose of provision | Information provided | Period of use and retention |
|---|---|---|---|---|
| Forter Pte Ltd. * Singapore | Tranferred over the network from time to time. | Create and improve databases to provide fraud and policy non-compliance detection services. * |
|
Duration of service delivery |
3. Consignment:
We may consign the processing of your Personal Information to third party service providers to improve Our services.
a) Consignment of Personal Information within South Korea:
b) Consignment of Personal Information outside of South Korea:
a) Consignment of Personal Information within South Korea:
| Consignee | Consigned functions |
|---|---|
| Hyosung ITX | Provide assistance and consulting on seller registration, manage sellers. |
| Carriers | Manage delivery for Milkrun pickup services. |
| Amazon Web Services Inc. | Data storage services. |
| Microsoft | E-mail, document/file storage and internal communication and collaboration tools. |
b) Consignment of Personal Information outside of South Korea:
| Consignee | Country | Time and method of transfer | Type of information transferred | Purpose and processing period |
|---|---|---|---|---|
| Coupang Global, LLC | US | Transferred over the network when necessary to perform a business purposes. | Information collected and used while performing a business purpose | For research and development purposes until the retention period expires. |
| Coupang (Shanghai) Co., Ltd. 韩领网络科技(上海)有限公司 (한림네트워크(상해)유한공사) |
China | |||
| Coupang (Beijing) Co., Ltd. 韩领网络科技(北京)有限公司 (한림네트워크(북경)유한공사) |
China | |||
| CPLB (Shenzhen) Co., Ltd. 韩领商贸(深圳)有限公司 |
China | |||
| IBM Security | US, India | Transferred over the network when necessary to perform a business purpose. | Information collected and used while performing a business purpose | To operate the Security Operation Center and perform related analysis until the retention period expires. |
| Salesforce | US, Japan | Transferred over the network when service is used. | Information collected and used while performing a business purpose. | To operate and maintain overseas data center where Personal Information is stored until the retention period expires. |
| Forter Pte Ltd. | Singapore | Transferred over the network, frequently. |
|
Duration of service delivery. |
4. Disclosure to Government Authorities:
We use the Personal Information we collect solely for the purposes for which you have given your consent and do not disclose or provide such information to any third party beyond the extent to which you have given your consent, except as required by applicable law or in response to a request from government authorities or law enforcement made through a legitimate procedure in accordance with applicable law.
5. Retention and Deletion:
a) Any Personal Information retained beyond the termination of membership or Seller status (as applicable) will be kept safely in accordance with applicable laws and Coupang policies and will be deleted promptly once the applicable retention period expires. In such case, such Personal Information will only be used for the specific purpose for which it was retained and/or as otherwise required by applicable law.
b) Electronic files containing Personal Information will be deleted using technical methods that makes such information irrecoverable. Paper records containing Personal Information will be destroyed using methods such as incineration or shredding.
c) Retention periods required by applicable law are as follows:
d) Retention periods required by Our policies are as follows:
b) Electronic files containing Personal Information will be deleted using technical methods that makes such information irrecoverable. Paper records containing Personal Information will be destroyed using methods such as incineration or shredding.
c) Retention periods required by applicable law are as follows:
| Information retained | Retention | Legal basis |
|---|---|---|
| Records on contracts, settlements, and transactons. | 5 years | Commercial Act |
| Website access log. | 3 months | Electronic Communications Privacy Act |
| Information retained | Retention | Legal basis |
|---|---|---|
| Seller ID, Seller name, Seller CEO name, and contact details. | 1 years | Fraud detection and prevention. |
6. Data Subject Rights:
a) You can, at any time, access, update/correct, or request the deletion or suspension of processing your Personal Information that we hold. If you exercise any of these rights, please email or call the points of contact listed below, and we will promptly process your request.
b) You may only exercise the above rights with respect to Personal Information relates to you. Any attempt to obtain Personal Information by deception or invade the privacy of others may lead to civil and criminal penalties.
b) You may only exercise the above rights with respect to Personal Information relates to you. Any attempt to obtain Personal Information by deception or invade the privacy of others may lead to civil and criminal penalties.
7. Automatic Collection of Personal Information:
a) Cookies are small text files placed on Your computer hard drive by the server servicing our website. At the time a cookie is loaded, You have the choice of accepting or rejecting the collection of your Personal Information by cookies. However, please be aware that rejecting cookies may limit certain functions on our website (such as services requiring a sign-in) from operating correctly.
b) How You manage cookies depends on the Internet browser You are using:
b) How You manage cookies depends on the Internet browser You are using:
- If you are using Internet Explorer, go to ‘Tools’ in the menu bar > click on ‘Internet Options’ > click on ‘Privacy’ tab > select an option.
- If you are using Chrome, at the top right click ‘’ > click ‘Settings’ > select ‘Show advanced settings’ at the bottom > in the ‘Privacy’ section, click ‘Content settings’ button > in the ‘Cookies’ section, select an option.
8. Personal Information Safeguards
a) We maintain the following technical, managerial and physical safeguards necessary to ensure the security of Your Personal Information so that Personal Information may not be lost, stolen, leaked, altered or damaged:
- an internal privacy management plan to ensure the security of Our Personal Information processing activities and performs information security audits to ensure that Personal Information safeguards are in place and any weaknesses identified are remediated immediately;
- security solutions such as intrusion prevention system to protect against unauthorized access from the external network and works to protect the security of all other systems by adopting all possible technical measures;
- access logs for Personal Information processing systems and employ measures to prevent tampering or alterations of the logs;
- encryption of Personal Information during transmission using encrypted network protocols as well as any critical data that we store such as passwords;
- 24-hour security monitoring using systems that can detect and stop intrusion attempts from hackers or other malicious actors and use anti-virus software to prevent damages from computer virus infections;
- access restrictions to Personal Information to the necessary staff who need to handle Personal Information for performing specific job functions; and
- regular training on privacy obligations and security and run campaign programs for all staff who process Personal Information.
9. Chief Privacy Officer and Staff Responsible for Privacy Inquiries
The Chief Privacy Officer (CPO) and the department responsible for handling privacy inquiries are designated as below to oversee all matters related to customer privacy and handle complaints and address damage from privacy-related issues. Customers may make inquiries, raise complaints or ask for damage relief regarding privacy issues through the contact points below. Coupang will promptly respond to and handle inquiries.
Customers who need to receive consultation on privacy matters or report a personal data breach may also contact the following authorities:
| Chief Privacy Officer | Department Handling Privacy Complaints |
|---|---|
|
Name: Max Leveson Email address: privacy@coupang.com |
Department: Privacy and Data Governance Email address: privacy@coupang.com |
- Korea Internet & Security Agency: 82-2-405-5118 | https://privacy.kisa.or.kr
- Cybercrime Investigation Team, Supreme Prosecutors' Office: 82-2-3480-2337 | https://www.spo.go.kr
- Cybercrime Investigation Team at the National Police Agency: https://cyberbureau.police.go.kr
10. Notification Obligation
This Privacy Notice takes effect from its effective date. Should there be grounds for a material change to customer's right to data privacy, customers will be notified by Coupang at least 14 days before the change. Other changes will be notified to customers at least 7 days prior to their implementation.
Version 1.1
Release date: December 10 2020
Effective date: December 11 2020
Version 1.1
Release date: December 10 2020
Effective date: December 11 2020
Privacy Notice for Global Marketplace Community Members and Sellers ver1.0
This Notice describes how Coupang Corp. (“Coupang”, “Us”, “We” or “Our”) collects, processes and transfers Personal Information collected from Marketplace Community Members and Sellers (“You”, “Your”) and includes the following sections:
- Collection, Processing and Retention
- Disclosure to Third Parties
- Consignment
- Disclosure to Government Authorities
- Retention and Deletion
- Data Subject Rights
- Automatic Collection of Personal Information
- Personal Information Safeguards
- Chief Privacy Officer and Staff Responsible for Privacy Inquiries
- Notification Obligation
1. Collection, Processing and Retention:
Our collection, processing and retention of Personal Information is as follows:
• If you choose to become a Marketplace Community Member (“Member”), We will collect, process and retain additional Personal Information as follows:
• If you choose to become a Seller, We will collect, process and retain additional Personal Information as follows:
• If you choose to become a Marketplace Community Member (“Member”), We will collect, process and retain additional Personal Information as follows:
| Personal Information collected | Purpose of collection and use | Retention period |
|---|---|---|
| Name, phone number (land line and mobile), and e-mail address of primary contact person of the Member. | To provide the Member with information on new products and services and to support the Member with Seller registration (if applicable). | Until the termination of membership or such longer period as required to fulfill Our legal obligations and/or internal policy requirements. |
| Personal Information collected | Purpose of collection and use | Retention period |
|---|---|---|
| Copies of passports of owner(s) and legal representatives of Sellers. | To perform due diligence on Seller. | Until the termination of Seller status or such longer period as required to fulfill Our legal obligations and/or internal policy requirements |
|
|
|
|
To perform credibility assessment including fraud and policy non-compliance detection. | |
| Settlement information (name of bank account holder, account number, copy of account passbook.) | To provide settlement services and issue tax invoices. |
2. Disclosure to Third Parties:
We may disclose your Personal Information to the following third parties.
a) Provision of Personal Information outside of South Korea:
*For more information, refer to: https://www.forter.com/service-privacy-policy/ or contact privacy@forter.com
a) Provision of Personal Information outside of South Korea:
| Recipient/country | Time and method of provision | Purpose of provision | Information provided | Period of use and retention |
|---|---|---|---|---|
| Forter Pte Ltd. * Singapore | Tranferred over the network from time to time. | Create and improve databases to provide fraud and policy non-compliance detection services. * |
|
Duration of service delivery |
3. Consignment:
We may consign the processing of your Personal Information to third party service providers to improve Our services.
a) Consignment of Personal Information within South Korea:
b) Consignment of Personal Information outside of South Korea:
a) Consignment of Personal Information within South Korea:
| Consignee | Consigned functions |
|---|---|
| Hyosung ITX | Provide assistance and consulting on seller registration, manage sellers. |
| Carriers | Manage delivery for Milkrun pickup services. |
| Amazon Web Services Inc. | Data storage services. |
| Microsoft | E-mail, document/file storage and internal communication and collaboration tools. |
b) Consignment of Personal Information outside of South Korea:
| Consignee | Country | Time and method of transfer | Type of information transferred | Purpose and processing period |
|---|---|---|---|---|
| Coupang Global, LLC | US | Transferred over the network when necessary to perform a business purposes. | Information collected and used while performing a business purpose | For research and development purposes until the retention period expires. |
| Coupang (Shanghai) Co., Ltd. 韩领网络科技(上海)有限公司 (한림네트워크(상해)유한공사) |
China | |||
| Coupang (Beijing) Co., Ltd. 韩领网络科技(北京)有限公司 (한림네트워크(북경)유한공사) |
China | |||
| CPLB (Shenzhen) Co., Ltd. 韩领商贸(深圳)有限公司 |
China | |||
| IBM Security | US, India | Transferred over the network when necessary to perform a business purpose. | Information collected and used while performing a business purpose | To operate the Security Operation Center and perform related analysis until the retention period expires. |
| Salesforce | Transferred over the network when service is used. | Information collected and used while performing a business purpose. | To operate and maintain overseas data center where Personal Information is stored until the retention period expires. | |
| Forter Pte Ltd. | Singapore | Transferred over the network, frequently. |
|
Duration of service delivery. |
4. Disclosure to Government Authorities:
We use the Personal Information we collect solely for the purposes for which you have given your consent and do not disclose or provide such information to any third party beyond the extent to which you have given your consent, except as required by applicable law or in response to a request from government authorities or law enforcement made through a legitimate procedure in accordance with applicable law.
5. Retention and Deletion:
a) Any Personal Information retained beyond the termination of membership or Seller status (as applicable) will be kept safely in accordance with applicable laws and Coupang policies and will be deleted promptly once the applicable retention period expires. In such case, such Personal Information will only be used for the specific purpose for which it was retained and/or as otherwise required by applicable law.
b) Electronic files containing Personal Information will be deleted using technical methods that makes such information irrecoverable. Paper records containing Personal Information will be destroyed using methods such as incineration or shredding.
c) Retention periods required by applicable law are as follows:
d) Retention periods required by Our policies are as follows:
b) Electronic files containing Personal Information will be deleted using technical methods that makes such information irrecoverable. Paper records containing Personal Information will be destroyed using methods such as incineration or shredding.
c) Retention periods required by applicable law are as follows:
| Information retained | Retention | Legal basis |
|---|---|---|
| Records on contracts, settlements, and transactons. | 5 years | Commercial Act |
| Website access log. | 3 months | Electronic Communications Privacy Act |
| Information retained | Retention | Legal basis |
|---|---|---|
| Seller ID, Seller name, Seller CEO name, and contact details. | 1 years | Fraud detection and prevention. |
6. Data Subject Rights:
a) You can, at any time, access, update/correct, or request the deletion or suspension of processing your Personal Information that we hold. If you exercise any of these rights, please email or call the points of contact listed below, and we will promptly process your request.
b) You may only exercise the above rights with respect to Personal Information relates to you. Any attempt to obtain Personal Information by deception or invade the privacy of others may lead to civil and criminal penalties.
b) You may only exercise the above rights with respect to Personal Information relates to you. Any attempt to obtain Personal Information by deception or invade the privacy of others may lead to civil and criminal penalties.
7. Automatic Collection of Personal Information:
a) Cookies are small text files placed on Your computer hard drive by the server servicing our website. At the time a cookie is loaded, You have the choice of accepting or rejecting the collection of your Personal Information by cookies. However, please be aware that rejecting cookies may limit certain functions on our website (such as services requiring a sign-in) from operating correctly.
b) How You manage cookies depends on the Internet browser You are using:
b) How You manage cookies depends on the Internet browser You are using:
- If you are using Internet Explorer, go to ‘Tools’ in the menu bar > click on ‘Internet Options’ > click on ‘Privacy’ tab > select an option.
- If you are using Chrome, at the top right click ‘’ > click ‘Settings’ > select ‘Show advanced settings’ at the bottom > in the ‘Privacy’ section, click ‘Content settings’ button > in the ‘Cookies’ section, select an option.
8. Personal Information Safeguards
a) We maintain the following technical, managerial and physical safeguards necessary to ensure the security of Your Personal Information so that Personal Information may not be lost, stolen, leaked, altered or damaged:
- an internal privacy management plan to ensure the security of Our Personal Information processing activities and performs information security audits to ensure that Personal Information safeguards are in place and any weaknesses identified are remediated immediately;
- security solutions such as intrusion prevention system to protect against unauthorized access from the external network and works to protect the security of all other systems by adopting all possible technical measures;
- access logs for Personal Information processing systems and employ measures to prevent tampering or alterations of the logs;
- encryption of Personal Information during transmission using encrypted network protocols as well as any critical data that we store such as passwords;
- 24-hour security monitoring using systems that can detect and stop intrusion attempts from hackers or other malicious actors and use anti-virus software to prevent damages from computer virus infections;
- access restrictions to Personal Information to the necessary staff who need to handle Personal Information for performing specific job functions; and
- regular training on privacy obligations and security and run campaign programs for all staff who process Personal Information.
9. Chief Privacy Officer and Staff Responsible for Privacy Inquiries
The Chief Privacy Officer (CPO) and the department responsible for handling privacy inquiries are designated as below to oversee all matters related to customer privacy and handle complaints and address damage from privacy-related issues. Customers may make inquiries, raise complaints or ask for damage relief regarding privacy issues through the contact points below. Coupang will promptly respond to and handle inquiries.
Customers who need to receive consultation on privacy matters or report a personal data breach may also contact the following authorities:
| Chief Privacy Officer | Department Handling Privacy Complaints |
|---|---|
|
Name: Max Leveson Email address: privacy@coupang.com |
Department: Privacy and Data Governance Email address: privacy@coupang.com |
- Korea Internet & Security Agency: 82-2-405-5118 | https://privacy.kisa.or.kr
- Cybercrime Investigation Team, Supreme Prosecutors' Office: 82-2-3480-2337 | https://www.spo.go.kr
- Cybercrime Investigation Team at the National Police Agency: https://cyberbureau.police.go.kr
10. Notification Obligation
This Privacy Notice takes effect from its effective date. Should there be grounds for a material change to customer's right to data privacy, customers will be notified by Coupang at least 14 days before the change. Other changes will be notified to customers at least 7 days prior to their implementation.
Version 1.0
Release date: October 5 2020
Effective date: October 12 2020
Version 1.0
Release date: October 5 2020
Effective date: October 12 2020