Supplier Privacy Notice (V.3.2)

Coupang Corp. (hereinafter referred to as “Coupang”) establishes and discloses the following Privacy Notice to protect suppliers’ personal information in accordance with the Personal Information Protection Act and handle related issues in a quick and seamless manner. Any updates to this Privacy Notice will be posted on our website’s notice board, including the effective date and the details of the revision. .

This Privacy Notice applies to Coupang suppliers and Live Vendors used by them. This does not apply to other services provided by Coupang.

1. Personal Information Collected, Purpose of Collection, and Retention Period

Coupang is not used but for the original purpose of collection, and if the purpose of use is changed, we will take necessary measures such as obtaining separate consent under Article 18 of the Personal Information Protection Act. Coupang processes and retains personal information within the period of retention and use prescribed by the applicable laws or within the time period notified to and agreed to by the supplier at the time of collecting their personal information. The period of processing and retaining personal information under the applicable laws can be found under 5. Procedure for and Methods of Destroying Personal Information.
Coupang collects the minimum amount of personal information necessary for suppliers’ membership sign-up or service use.
Type Purpose of Collection Information Collected Period of Retention and Use
Required Membership sign-up, user identification, and member management User ID, name, email, mobile number, password Destroyed upon the termination of the
contract of use
Fraud prevention User ID, email, mobile number, address, and service use records detected as a fraud Retained for 1 year after the termination of the contract of use and then destroyed
To verify the name of corporation or
representative
Copy of bankbook Retained for 14 days after the collection and then destroyed

Coupang may collect additional personal information(Abbreviation: ‘PI’) after obtaining the consent of the supplier to provide various services.

‘PI’ additionally collected by separate services
Coupang collects cookies that are automatically generated during the use of the service in order to provide the “language selection” feature.

Web browser

  • Internet Explorer: Menu > Tools > Internet Options > General > Browsing History > ‘Delete’ and ‘Settings’
  • Google Chrome: Menu > Settings > ‘Privacy and Security’
  • Safari: Preferences > ‘Prevent cross-site tracking’ and ‘Block all cookies’
  • Major internet web browsers including Firefox and Opera are also providing cookie deletion features.

Mobile

  • Android: Home > Settings > Google > Ads > Turn on “Opt out of Ads Personalization”
  • iPhone: Home > Settings > Privacy > Tracking > Turn off “Allow apps to request to Track”

2. Provision and Consignment of Personal Information

Coupang provides personal information to third parties only within the scope of consent obtained from the supplier.

Coupang may provide personal information in accordance with the due process of law, for instance, where there are special provisions in applicable laws such as the Personal Information Protection Act, Act On Promotion Of Information And Communications Network Utilization And Information Protection, Protection Of Communications Secrets Act, Telecommunications Business Act, Act On The Consumer Protection In Electronic Commerce, Framework Act On National Taxes, Credit Information Use And Protection Act, or a warrant or an official document signed by the head of the organization is presented. In particular, Coupang can provide personal information to related authorities without the consent of the supplier in the event of an emergency such as a disaster, infectious disease, event or accident that causes imminent threat to life or health, or imminent loss of property.

Coupang consigns the processing of personal information to effectively provide services. In accordance with Article 26 of the Personal Information Protection Act, Coupang stipulates the following details in the consignment contract: prohibition of personal information processing for purposes other than to perform consigned tasks, technical and administrative safeguard measures, restrictions on re-consignment, management and oversight of the consignee, and the liability for damages. Coupang also manages and oversees whether the consignee processes personal information.
ConsigneePurpose of Consignment
Amazon Web ServicesData storage
LG Uplus, KT, Kakao, NHN, LG CNSMessage delivery service
UnipostTax invoice processing
Samsung SDSPayment processing
UBASE, KS KBSJOB, Transcosmos KoreaCS counseling
Personal information processing works consigned overseas include:
Overseas consignees of 'PI'

3. Use and Provision Without Supplier’s Consent

Coupang processes and provides personal information only within the scope of consent obtained from the supplier. However, pursuant to Articles 15(3) and 17(4) of the Personal Information Protection Act, the personal information may be additionally used or provided without the supplier’s consent. Coupang will take into account the following details when additionally using or providing personal information without the consent of the data subject:
  • Whether it is relevant to the original purpose of collection
  • Whether the additional use or provision of personal information is predictable in light of the circumstances where personal information was collected or the practice of personal information processing
  • Whether the interests of the supplier are unjustly infringed
  • Whether necessary security measures such as pseudonymization or encryption have been taken
  • Should the additional use or provision of personal information continue to happen, we will disclose the criteria for deciding the above and assess whether those criteria are being met.

    4. Processing of Pseudonymized Information

    In some circumstances where it is necessary for statistics, scientific research, archiving for public interest, or other purposes, Coupang may pseudonymize the collected personal information so that it can no longer be identified an individual.

    Coupang will disclose in this Privacy Notice in the event it processes, consigns, or provides a third party with the pseudonymized information pursuant to Articles 28(2) through 28(7) of the Personal Information Protection Act. Coupang will ensure that only the minimum necessary amount of information is pseudonymized, the pseudonymized data is separately stored and managed to prevent it from being re-identified, and necessary technical and administrative safeguard measures are taken.

    5. Procedure for and Methods of Destroying Personal Information​

    Coupang destroys personal information without delay when the information is rendered unnecessary by the expiration of its retention period or by achieving the purpose of processing. However, in accordance with the internal policy pursuant to Article 15(1)6 of the Personal Information Protection Act, the records of actions taken against fraudulent activities are separately retained for 5 years and then destroyed.

    The procedure for and methods of destroying personal information are as follows:

    •  Procedure of Destruction : Once the purpose of personal information collection and use has been achieved, the information is separately stored and then destroyed after retaining for a certain period of time in obligation with the internal policies and applicable laws
    • Methods of Destruction : Personal information in electronic form is destroyed through means that will make the data irrecoverable, whereas personal information stored in a hard copy format is destroyed using a shredder.

    However, if it is required by applicable laws to retain personal information even after the expiration of personal information retention period consented by the supplier or after achieving the purpose of processing, Coupang separately stores and manages to retain the necessary personal information.

    Information RetainedRetention PeriodStatutory Grounds
    Records of settlement and supplying goods, etc.5 yearsAct On the Consumer Protection In Electronic Commerce
    Records of contract or subscription withdrawal, etc.5 years
    Records of customer complaints or settlement of disputes3 years
    Records of indication or advertisement6 months
    Records of electronic financial transactions5 yearsElectronic Financial Transactions Act
    Website/app visit history3 monthsProtection Of Communications Secrets Act
    Evidential materials on national taxes for all transactions10 yearsFramework Act On National Taxes
    Tax base and tax-filing materials5 years
    Tax base for value-added tax and tax-filing materials5 yearsValue-added Tax Act

    6. Rights and Obligations of Supplier and Legal Representatives and How to Exercise the Rights

    A supplier’s personal information can be viewed, corrected, deleted, withdrawing of consent or suspension of processing by using the following procedure: Personal information that cannot be directly accessed on the service can be accessible by making a request to the Customer Support and Compliant Handling Team specified under “8. Chief Privacy Officer and Customer Support Team.” The progress (or the results) made on (or the results of handling) the supplier’s request will be replied within 10 days. A legal representative or a delegated representative must prove his or her legitimate representative status by submitting a power of attorney and a certificate of family relations, etc.
    • SupplierHub > ID on the top right corner >  My Account
    • Live Vendor > Live broadcast account
    However, withdrawing of consent or deleting or suspending the processing of personal information may be limited in the following cases:
  • Where there are special legal provisions, or it is inevitable to fulfil a legal obligation;
  • Where there is a possibility of causing harm to another person’s life or body or unjustly infringing on another person’s property or interests; or
  • Where the services agreed upon by the customer cannot be provided unless personal information is processed and the supplier has not clearly stated his/her intention to terminate the contract.
  • User ID and password should not be transferred or lent to others, and Coupang is not responsible for any issues caused by such actions. Any act of inflicting damage on the information and dignity of others is punishable by the Personal Information Protection Act and the Act On Promotion Of Information And Communications Network Utilization And Information Protection.

    7. Personal Information Safeguard Measures

    Coupang has technical and administrative safeguard measures in place to ensure that suppliers’ personal information is not stolen, leaked, forged or damaged while processing the information.
  • Technical Safeguards : real-time monitoring and blocking of hacking attempts and data leak, enhanced access control on personal information processing systems, storage of access logs and prevention of their forgery/alteration, at-rest encryption of passwords and critical information, and in-transit encryption of data
  • Administrative Safeguards : Operation of a dedicated privacy team, regular training for personal information handlers, awareness-raising activities for employees, and regular audits for compliance
  • 8. Chief Privacy Officer and Customer Support Team

    Coupang designates a Chief Privacy Officer in charge of personal information protection as below to take responsibility for the processing of personal information, and to handle complaints and damage relief from suppliers related to personal information processing.  

    RolePerson/Team in Charge
    Chief Privacy Officer (CPO)

    Kim Jong Jun

    Privacy TeamPrivacy Compliance
    Inquiry Response TeamSupplier Call CenterContact1600-9879
  • Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
  • Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
  • Supreme Prosecutors’ Office: 1301 (www.spo.go.kr)
  • Korean National Police Agency: 182 (ecrm.cyber.go.kr)
  • Privacy Notice Version: 3.2

    Effective Date: 11. 16. 2023

    ※ If you have any questions about privacy notice that is not indicated, please contact customer support team.

     
    Scroll to Top