Supplier Privacy Notice

1. Personal Information Collected, Purpose of Collection, and Retention Period

2. Provision and Consignment of Personal Information

3. Use and Provision Without Supplier’s Consent

4. Procedure for and Methods of Destroying Personal Information

5. Rights and Obligations of Supplier and Legal Representatives and How to Exercise the Rights

6. Personal Information Safeguard Measures

7. Chief Privacy Officer and Customer Support Team

Coupang Corp. (hereinafter referred to as “Coupang”) establishes and discloses the following Privacy Notice to protect suppliers’ personal information in accordance with the Personal Information Protection Act and handle related issues in a quick and seamless manner. Any updates to this Privacy Notice will be posted on our website’s notice board, including the effective date and the details of the revision. .

This Privacy Notice applies to Coupang suppliers and Live Vendors used by them. This does not apply to other services provided by Coupang.

1. Personal Information Collected, Purpose of Collection, and Retention Period

Coupang is not used but for the original purpose of collection, and if the purpose of use is changed, we will take necessary measures such as obtaining separate consent under Article 18 of the Personal Information Protection Act. Coupang processes and retains personal information within the period of retention and use prescribed by the applicable laws or within the time period notified to and agreed to by the supplier at the time of collecting their personal information. The period of processing and retaining personal information under the applicable laws can be found under 4. Procedure for and Methods of Destroying Personal Information.

Coupang collects the minimum amount of personal information necessary for suppliers’ membership sign-up or service use.

Type	Purpose of Collection	Information Collected	Period of Retention and Use
Required	Membership sign-up, user identification, and member management	User ID, name, email, mobile number, password	Destroyed upon the termination of the contract of use
	Fraud prevention	User ID, email, mobile number, address, and service use records detected as a fraud	Retained for 1 year after the termination of the contract of use and then destroyed
	To verify the name of corporation or representative	Copy of bankbook	Retained for 14 days after the collection and then destroyed

Coupang may collect additional personal information(Abbreviation: ‘PI’) after obtaining the consent of the supplier to provide various services.

Purpose of Collection	Information Collected	Period of Retention and Use
Settlement, issuance of tax invoices, and payment services	Bank account information (bank name, account holder name, account number), copy of bankbook	Destroyed upon the termination of the contract of use
Issuing an account and supporting/handling work	User ID, name, email, phone number, mobile number, password	Destroyed upon the termination of the contract of use
‘Coupang Live’ seller experience interview and providing reward	User ID, name, email, mobile number	Destroyed upon withdrawal of consent for registration of interview participation
‘Coupang Live’ Studio reservation and overall communication	User ID, name, email, mobile number	Destroyed within 1 month from the date of application
etc	Advertising, onboarding, partnership consultation/consulting and overall communication	Name, email, mobile number	Destroyed within 3 months after the end of consultation/consulting
Training and overall communication	User ID, name, email, mobile number	Destroyed within 3 months after the end of training

Coupang collects cookies that are automatically generated during the use of the service in order to provide the “language selection” feature.

hidden

How to decline Cookies

Web browser

Internet Explorer: Menu > Tools > Internet Options > General > Browsing History > ‘Delete’ and ‘Settings’
Google Chrome: Menu > Settings > ‘Privacy and Security’
Safari: Preferences > ‘Prevent cross-site tracking’ and ‘Block all cookies’
Major internet web browsers including Firefox and Opera are also providing cookie deletion features.

Mobile

Android: Home > Settings > Google > Ads > Turn on “Opt out of Ads Personalization”
iPhone: Home > Settings > Privacy > Tracking > Turn off “Allow apps to request to Track”

2. Provision and Consignment of Personal Information

Coupang provides personal information to third parties only within the scope of consent obtained from the supplier.

Coupang may provide personal information in accordance with the due process of law, for instance, where there are special provisions in applicable laws such as the Personal Information Protection Act, Act On Promotion Of Information And Communications Network Utilization And Information Protection, Protection Of Communications Secrets Act, Telecommunications Business Act, Act On The Consumer Protection In Electronic Commerce, Framework Act On National Taxes, Credit Information Use And Protection Act, or a warrant or an official document signed by the head of the organization is presented. In particular, Coupang can provide personal information to related authorities without the consent of the supplier in the event of an emergency such as a disaster, infectious disease, event or accident that causes imminent threat to life or health, or imminent loss of property.

Coupang consigns the processing of personal information to effectively provide services. In accordance with Article 26 of the Personal Information Protection Act, Coupang stipulates the following details in the consignment contract: prohibition of personal information processing for purposes other than to perform consigned tasks, technical and administrative safeguard measures, restrictions on re-consignment, management and oversight of the consignee, and the liability for damages. Coupang also manages and oversees whether the consignee processes personal information.

Consignee	Purpose of Consignment
Amazon Web Services	Data storage
LG Uplus, KT, Kakao, NHN, LG CNS	Message delivery service
Unipost	Tax invoice processing
Samsung SDS	Payment processing
UBASE, KS KBSJOB, Transcosmos Korea	CS counseling

Consignee (Information Management Officer)	Country	Date and Method	Information Transferred	Purpose of consignment	Period of Retention and Use
Coupang Global LLC*	U.S.	Transmission over secure network when personal information is required for business purpose	Personal information collected and used when using the service	System Development and maintenance	Destroyed upon termination of consignment contract
Coupang (Shanghai) Co., Ltd.*	China
Coupang (Beijing) Co., Ltd.*
Genesys (GSN:yakida96@gsnict.com)	Japan	Call transcripts, phone/mobile numbers of incoming calls	To use call system for customer center operation
Zendesk (support@zendesk.com)	Japan	Name, email, phone/mobile number, customer management number	To use consultation management system for customer center operation
MaestroQA (privacy@maestroqa.com)	U.S.	Recording file, customer management number, order number, Customer support records	Customer service quality management
Qualtrics (privacy@qualtrics.com)	Australia	Personal information collected and used when applying for participation in Coupang Research (interviews, surveys) and conducting the research	To manage Coupang Research (interviews, surveys) panels and to conduct research and analyze the results
Amazon Web Services (aws-korea-privacy@amazon.com)	Singapore	Transmission over a secure network when backing up	Data for system recovery	Remote backup for providing reliable service in case of disaster
U.S.	Transmission over a secure network when sending emails	Email	Email dispatch

3. Use and Provision Without Supplier’s Consent

Coupang processes and provides personal information only within the scope of consent obtained from the supplier. However, pursuant to Articles 15(3) and 17(4) of the Personal Information Protection Act, the personal information may be additionally used or provided without the supplier’s consent. Coupang will take into account the following details when additionally using or providing personal information without the consent of the data subject:

Whether it is relevant to the original purpose of collection

Whether the additional use or provision of personal information is predictable in light of the circumstances where personal information was collected or the practice of personal information processing

Whether the interests of the supplier are unjustly infringed

Whether necessary security measures such as pseudonymization or encryption have been taken

Should the additional use or provision of personal information continue to happen, we will disclose the criteria for deciding the above and assess whether those criteria are being met.

4. Procedure for and Methods of Destroying Personal Information

Coupang destroys personal information without delay when the information is rendered unnecessary by the expiration of its retention period or by achieving the purpose of processing. However, in accordance with the internal policy pursuant to Article 15(1)6 of the Personal Information Protection Act, the records of actions taken against fraudulent activities are separately retained for 5 years and then destroyed.

The procedure for and methods of destroying personal information are as follows:

Procedure of Destruction : Once the purpose of personal information collection and use has been achieved, the information is separately stored and then destroyed after retaining for a certain period of time in obligation with the internal policies and applicable laws
Methods of Destruction : Personal information in electronic form is destroyed through means that will make the data irrecoverable, whereas personal information stored in a hard copy format is destroyed using a shredder.

However, if it is required by applicable laws to retain personal information even after the expiration of personal information retention period consented by the supplier or after achieving the purpose of processing, Coupang separately stores and manages to retain the necessary personal information.

Information Retained	Retention Period	Statutory Grounds
Records of settlement and supplying goods, etc.	5 years	Act On the Consumer Protection In Electronic Commerce
Records of contract or subscription withdrawal, etc.	5 years
Records of customer complaints or settlement of disputes	3 years
Records of indication or advertisement	6 months
Records of electronic financial transactions	5 years	Electronic Financial Transactions Act
Website/app visit history	3 months	Protection Of Communications Secrets Act
Evidential materials on national taxes for all transactions	10 years	Framework Act On National Taxes
Tax base and tax-filing materials	5 years	Framework Act On National Taxes
Tax base for value-added tax and tax-filing materials	5 years	Value-added Tax Act

5. Rights and Obligations of Supplier and Legal Representatives and How to Exercise the Rights

A supplier’s personal information can be viewed, corrected, deleted, withdrawing of consent or suspension of processing by using the following procedure: Personal information that cannot be directly accessed on the service can be accessible by making a request to the Customer Support and Compliant Handling Team specified under “7. Chief Privacy Officer and Customer Support Team.” The progress (or the results) made on (or the results of handling) the supplier’s request will be replied within 10 days. A legal representative or a delegated representative must prove his or her legitimate representative status by submitting a power of attorney and a certificate of family relations, etc.

hidden

How to check the PI in the service

SupplierHub > ID on the top right corner > My Account
Live Vendor > Live broadcast account

However, withdrawing of consent or deleting or suspending the processing of personal information may be limited in the following cases:

Where there are special legal provisions, or it is inevitable to fulfil a legal obligation;

Where there is a possibility of causing harm to another person’s life or body or unjustly infringing on another person’s property or interests; or

Where the services agreed upon by the customer cannot be provided unless personal information is processed and the supplier has not clearly stated his/her intention to terminate the contract.

User ID and password should not be transferred or lent to others, and Coupang is not responsible for any issues caused by such actions. Any act of inflicting damage on the information and dignity of others is punishable by the Personal Information Protection Act and the Act On Promotion Of Information And Communications Network Utilization And Information Protection.

6. Personal Information Safeguard Measures

Coupang has technical and administrative safeguard measures in place to ensure that suppliers’ personal information is not stolen, leaked, forged or damaged while processing the information.

Technical Safeguards : real-time monitoring and blocking of hacking attempts and data leak, enhanced access control on personal information processing systems, storage of access logs and prevention of their forgery/alteration, at-rest encryption of passwords and critical information, and in-transit encryption of data

Administrative Safeguards : Operation of a dedicated privacy team, regular training for personal information handlers, awareness-raising activities for employees, and regular audits for compliance

7. Chief Privacy Officer and Customer Support Team

Coupang designates a Chief Privacy Officer in charge of personal information protection as below to take responsibility for the processing of personal information, and to handle complaints and damage relief from suppliers related to personal information processing.

Category			Description
Privacy Team			Privacy Compliance
Inquiry Response Team	Supplier Call Center	Contact	1600-9879

Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)

Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)

Supreme Prosecutors’ Office: 1301 (www.spo.go.kr)

Korean National Police Agency: 182 (ecrm.cyber.go.kr)

Effective Date: 4. 1. 2024

※ If you have any questions about privacy notice that is not indicated, please contact customer support team.

Supplier Privacy Notice

Announcements