Supplier Privacy Notice (V.2.3)
You are entitled to fully exercise your rights with regard to the collected information.
You will always be informed of any changes to the Privacy Policy, which will be posted for your access anytime.
This Privacy Policy reflects Coupang’s policy based on laws in processing personal information of supplier (including those who provide
consultation only), and specifically contains the following content:
Coupang protects personal information as follows:
- Collection and use, period of retention and use of personal information
- Transfer of personal information to a third party
- Delegation of processing of personal information
- Procedure and method of destruction of personal information
- User’s rights and the method of exercise thereof
- Matters regarding installation/operation and rejection of automatic collection of personal information
- Measures to protect personal information
- Contact information of the Chief Privacy Officer and the employee in charge of personal information
- Duty to notify
1. Coupang collects and uses the following personal information according to the type of service used by the user.
| Classification | Purpose of Collection and Use | Items to be Collected and Used | Period of Retention and Use |
|---|---|---|---|
| Mandatory Items | User identification, information provision according to service use (service announcement, tax invoice issuance, inquiry and request processing, sending payment details), monitoring and prevention of abuse | ID, Password, name, mobile phone number, e-mail address | Until the termination of the service use agreement. |
| Two-factor authentication | Mobile phone number, e-mail | ||
| Identification of the name of company and owner during onboarding approval assessment | Copy of bank book | Destroyed without delay after onboarding is approved | |
| Settlement and payment | Account number, name of account owner | Destroy after storage until the period set by the Act on Consumer Protection in Electronic Commerce, etc. | |
| <When user applies for Coupang Live through Live vendor> Coupang live application and results notification |
Destroyed without delay after results are notified | ||
| <When issuing child accounts or 3PL and global sourcing vendor accounts> Service provision, monitoring and prevention of abuse |
E-mail, user name, mobile phone number, user ID, password | Destroyed without delay after service contract is terminated |
|
| Two-factor authentication | Mobile phone number, e-mail | ||
| <When consulting ADS product advertisement> Coupang product advertisement consulting |
Mobile phone number | Destroyed without delay after retaining for 30 days from the application date |
2. For the purpose of providing services or fulfilling statutory obligations, personal information retained by Coupang may be provided to a third party within the scope of consent to collect and use.
Coupang uses collected personal information within the scope of purposes you have consented to and does not use or externally disclose or provide such personal information beyond the consented scope, except:
1. When the principal of personal information has consented to such disclosure or transfer
2. When the provision of personal information was determined to be in good faith because it was required by the law (e.g., when receiving request by an inspection or investigative authority in accordance with due process and based on relevant laws and regulations)
3. To facilitate provision of service and to process business affairs efficiently, Coupang delegates processing of personal information as follows:
| Consignee | Purpose of Consignment |
|---|---|
| Amazon Web Services Inc. | Data storage, SMS messaging, e-mail dispatch |
| Microsoft | Tools for email, document/file storage, and internal communication/collaboration |
| NHN Corp. | SMS messaging, e-mail dispatch |
| UNIPOST | Tax invoice processing |
| UBASE Inc., KSKBSJOB, Transcosmos Korea Inc. | Customer service |
| Shipping Companies (Daesung, KLP, Joil, Hanbaek, KCTC, Eugene Logistics, Sebang, Dongwon LOEX, Dongbang) | Delivery management for Milkrun service |
Coupang consigns development and operation of its services to its affiliates (Coupang Global, LLC, Coupang (Shanghai) Co., Ltd., and Coupang (Beijing) Co., Ltd.). Coupang affiliates comply with Coupang’s security policies as specified under 7. Actions Taken to Protect Personal Information below.
| Consignee (Contact of Information Manager) |
Country | Time and Method of Transfer | Personal Data | Purpose of Use | Period of Retention and Processing |
|---|---|---|---|---|---|
| Coupang Global, LLC(1600-9879) | USA | Personal data is transferred over secure network when necessary for business purposes | Personal data collected and used during customers’ use of services (sign-up, consultation, payment) | Coupang service operation, research and development and fraud monitoring and detection | Until the consignment contract is terminated |
| Coupang (Shanghai) Co., Ltd.韩领网络科技(上 海)有限公司(1600-9879) | China | ||||
| Coupang (Beijing) Co., Ltd.韩领网络科技(北 京)有限公司(1600-9879) | China | ||||
| Genesys (GSN :yakida96@gsnict.com) | Japan | Call recordings, caller’s number | Using call management system for CS Center | ||
| Zendesk (support@zendesk.com) | Japan | Name, email, phone number, member SRL |
4. In principle, Coupang destroys your personal information immediately after the purpose of retaining such information has been achieved. The procedure, deadline and method for destruction of personal information are as follows:
① Destruction procedure and deadline
Once the purpose of collection and use of personal information has been achieved, the relevant personal information will be transferred to a separate DB and kept safely in compliance with internal regulations and relevant laws and regulations, and then be destroyed without delay when the predetermined retention period expires. Personal information transferred to a separate DB is not used for purposes beyond the purpose that each of you consented to or for any other purpose unless determined by law.
② Destruction Method
- Information in the form of electronic files will be destroyed using technical methods that render such information irrecoverable.
- Information printed on paper will be destroyed by shredding or incineration.
③ However, personal information whose retention or use period is determined otherwise by other laws and regulations may be processed separately.
[Cases pursuant to relevant laws and regulations]
| Applicable laws | Purpose | Retained Information | Retention Period |
|---|---|---|---|
| Act on the Consumer Protection in Electronic Commerce Article 6 | Log customers’ complaint or settlement of disputes | Consumer identification information, records of dispute settlements | 3 years |
| Log paymentand supplying goods, etc. | Consumer identification information, records of payment, supplied goods and contracts/subscription withdrawals | 5 years | |
| Log contracts and subscription withdrawals, etc. | |||
| Log indication and advertisement | Records of indication and advertisement | 6 months | |
| Framework on National Taxes Article 85-3, Article 26-2 | Calculation of national tax imposition exclusion period | National tax evidence for all transactions | 10 years |
| Calculation of extinctive prescription of national tax collection | Tax base and tax amount report records | 5 years | |
| Value-Added Tax Act | Ledger, tax invoice, tax invoice on import, receipt, etc. | Tax base of value added tax and tax amount report records | 5 years |
| Electronic Financial Transactions Act Article 22 | Log electronic financial transactions | Records of electronic financial transactions | 5 years |
| Protection of Communications Secrets Act Article 15-2 | Request from law-enforcement officers with warrants | Records of website and mobile app visit | 3 months |
① You as the data subject have the right to access, modify, and delete your information and to request suspension of processing of your information at any time.
② You can exercise the right specified in Clause ① above by submitting a written, e-mail, or fax request to Coupang pursuant to Article 41-(1) of the Enforcement Decree of the Personal Information Protection Act, and Coupang will promptly respond to such requests.
③ Your legal representative or a person delegated by you can exercise the right specified in Clause ① above on behalf of you. In such cases, you shall submit a power of attorney in the form of Form No. 11 of the Enforcement Rules to the Personal Information Protection Act.
④ The data subject’s right to request access to personal information or suspension of personal information processing may be restricted pursuant to Articles 35-(5) and 37-(2) of the Personal Information Protection Act.
⑤ You may not request deletion of your personal information in cases where such information is specified as the type of information required to be collected by laws or regulations.
⑥ Coupang shall verify that requests for access to, modification/deletion of, or suspension of processing of personal information are made by the data subject him/herself or a legitimate representative.
A person who may demand processing of personal information (access, deletion, or suspension of processing) is limited to the data subject whose personal information is processed under this Privacy Policy. Any person who infringes or attempts to infringe personal information or privacy of others by deceitful acts may be subject to civil or criminal penalties.
Furthermore, it may be difficult to fulfill requests from customers to delete or stop the processing of their personal data, or withdraw the consent if any of the following is true:
- • There are special provisions under the law, or it is absolutely necessary to fulfill an obligation under the law;
- • There is a possibility of incurring damage to life, body, property and other interests of a third party;
Coupang does not collect and store the data automatically generated while using our services (cookies).
7. Measures to protect personal information
Coupang is implementing the following technical and administrative measures to protect your personal information from loss, theft, disclosure, alteration, or damage while processed.
① Development and implementation of an internal management plan
Coupang has an internal policy in place for safe processing of personal information. The Company also ensures compliance with the personal information protection measures through information security audit and immediately remedies problems identified.
② Implementation and operation of access control
Coupang blocks unauthorized access by implementing security solutions, such as a firewall system, and seeks to deploy every possible technical tool to ensure information security systematically.
③ Measures to prevent alteration or falsification of access logs
Coupang stores and manages logs of access to the personal information processing system and prevents such logs from being altered or falsified.
④ Encryption of personal information
Coupang transmits the user's personal information using network transport encryption and encrypts critical information, such as passwords, for storage.
⑤ Anti-hacking measures
Coupang monitors hacking activities around the clock by using a system that can detect and block intrusion and prevents computer viruses from doing damage by using antivirus software, which is updated regularly. The company also applies vaccines against any sudden virus across the board as soon as they are released to protect personal information. Moreover, it continues to research into new anti-hacking and security technologies and applies them to its services.
⑥ Minimum number of information-handling employees and training sessions
Coupang restricts access to the user’s personal information to those who absolutely need to handle such information for business purposes. The company also conducts regular training sessions and campaigns about personal information protection and security for all employees who process personal information.
The company also has in place an internal process where all new hires are required to sign a non-disclosure agreement to prevent information disclosure by individuals and employees’ compliance with the Privacy Policy is audited. Relevant employees conduct job handovers related to personal information in a secure, thorough manner and are clearly advised of their liability for any personal information incident both as an employee and a retiree.
8. Coupang designates a Chief Privacy Officer ("CPO") to protect your personal information safely.
① The CPO has been designated as follows who oversees all matters regarding personal information and to address the complaints and damages related to processing of personal information.
| CPO | Department in Charge of Processing Personal Information related Complaints |
|---|---|
|
Name : Max Leveson Contact information : 1600-9879 |
Department name : Supplier Support Center Contact information : 1600-9879 |
② Customers may make inquiries, raise complaints or ask for damage relief regarding any privacy issue that occurred while using our services (or businesses) through the Chief Privacy Officer or Seller Support Center (1600-9879). Coupang will promptly respond to and handle inquiries.
③ If you wish to receive consultation on or report personal information infringement, please contact the following authorities or organization.
▶ Personal Information Infringement Reporting Center (operated by the Korea Internet & Security Agency): 118 (without local code) / privacy.kisa.or.kr
▶ Cybercrime Investigation Team, Supreme Prosecutors’ Office: 1301 (without local code) / www.spo.go.kr
▶ Cyber Bureau, Korean National Policy Agency : 182 (without local code) / cyberbureau.police.go.kr
9. The policy regarding change to this Privacy Policy is as follows:
This Privacy Policy will apply from the date of enforcement. When insertion, deletion and corrections are made in accordance with laws, regulations and policies, such changes will be notified starting from 7 days prior to the implementation thereof. However, when grounds arise for material change to user’s rights such as collection and use of personal information or transfer of personal information to third parties, such changes will be notified at least 14 days in advance. Also, when polices need to be changed inevitably due to change in relevant laws and regulations or Coupang’s policy, such changes will be notified promptly through the website for your timely reference.
• Privacy Policy version : 2.3
• Public notification date of the current Privacy Policy : January 3, 2022
• Date of enforcement of the current Privacy Policy : January 10, 2022
※ If you have any questions about privacy notice that is not indicated, please contact customer support team.