Privacy Policy



Sonpha Paper CO., Ltd. has the following handling policies to protect users' personal information and rights and to smoothly handle users' difficulties related to personal information according to the Personal Information Protection Act. In case of modification of the privacy policy, Sonpha will notify through the notice or individual notice in Sonpha (online packaging brokerage platform, www.sonpha.com).

Article 1 (Basic Principle)

Sonpha complies with the privacy policies under related statutes to be complied with by telecommunications service providers, such as the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc., Protection of Communications Secrets Act, Telecommunications Business Act, and Personal Information Protection Act, and do the best to protect interests of members by prescribing privacy policy under related statutes.

Article 2 (Personal Information Collected at Initial Signing up for Membership)

Sonpha collects the following personal information from individual Clients at the time of initial signing up for membership and management, smooth difficulties treatment, and provision of various services.

  • Critical Items: Company name, account (ID), password, main email address, main phone No., mobile No., main address

Article 3 (Personal Information Collected at Service Use)

  1. For the provision of smooth and reliable services, Sonpha collects the following personal information in each paragraph from members prior to the process of requesting estimates and participating in bidding after signing up for membership.
    1. Client's task officer
      • Purchasing officer: Name, landline phone No., mobile No., fax No., email address
      • Warehousing officer: Name, landline phone No., mobile No., fax No., email address
      • Officer for tax invoice: Name, landline phone No., mobile No., fax No., email address
    2. Partner’s task officer
      • Officer for Partner: Name, landline phone No., mobile No., fax No., email address
      • Order receipt/Delivery officer: Name, landline phone No., mobile No., fax No., email address
      • Officer for tax invoice: Name, landline phone No., mobile No., fax No., email address
  2. Sonpha may collect the following member information in each paragraph which is generated additionally in the course of service use:
    1. Basic information collected: IP address, cookies, device identification No. (MAC address, etc.), the record of service use, visit record, access log, the record of defective use, etc.
    2. Information collected at the time of service use: mobile No., credit card information, bank account information, payment records, etc.

Article 4 (Prohibition of Collecting Sensitive Personal Information)

Sonpha does not collect sensitive personal information (race, thought, creed, political orientation, criminal records, medical information, etc.) that may violate the fundamental human rights of members, and there is no limit to the service use provided by Sonpha even if the member does not input the information.

Article 5 (How to Collect Personal Information)

Sonpha collects personal information in any of the following ways.

  1. Collection through the service application such as web forms, written forms, telephone, fax, etc., or voluntary provision of members while using.
  2. Collection through collection tools of generation information

Article 6 (Personal Information Collection and Purpose of Use)

Sonpha collects and uses the personal information of the members for the following purposes: The collected personal information shall not be used for any of the following purposes, and separate prior consent shall be asked if the purpose of the use is changed.

  1. Signing up for membership and management: Opinion confirmation for membership, identification, and verification according to the provision of membership services, maintenance, and management of membership, identification according to the limited identity verification system, prevention of unjustifiable use of services, confirmation of consent from legal representatives when collecting personal information of children under the age of 14
  2. Handling of civil petition: Purpose of identification of civil petitioners, confirmation of civil affair matters, contact and notice for examination of fact, notification of processing results, etc.
  3. Service provision: Purpose of service provision, identification, age verification, collection of claims, etc.
  4. Utilization of marketing and advertising: the purpose of developing new services, providing customized services, providing events and advertising information and opportunities for participation, providing and advertising services based on demographic characteristics, confirmation of service effectiveness, identifying access frequencies, or statistics on members' use of services.

Article 7 (Basic Principle of Provision of Personal Information of Third Party)

Sonpha shall use member’s personal information within the range notified in Article 6, and shall not use it beyond the range without the prior consent of the members, or provide member’s personal information to third parties or disclose it to the outside in principle. However, The following cases shall be excluded.

  1. In case the members agree to disclose in advance
  2. In case there is a request from the investigative agency base on the provisions of statutes or according to the procedures and methods prescribed in statutes for investigation purposes.
  3. In case the transaction has been made according to the services provided by RIU, the information relating to the contract between the parties will be provided to both parties within the required range.

Article 8 (Provision of Exceptional Personal Information of Third Party)

Currently, Sonpha does not provide personal information to third parties or disclose it to the outside world.

Article 9 (Basic Principle of Personal Information Retention and the period of Use)

Member’s personal information shall be destroyed without delay in case the purpose of personal information use is achieved in principle.

Article 10 (Personal Information Retention by Sonpha’s Internal Policy)

In spite of Article 9, Sonpha shall preserve information related to membership and management for the following periods according to the internal policy by Sonpha to prevent disputes related to transactions.

  1. Principle: Until the membership cancellation.
  2. In case of an ongoing investigation, survey, etc. according to the violation of related statutes to member: Until the completion of the relevant investigation and survey.
  3. In case there is a remaining the bond and debt relationship between Sonpha and members: Until the settlement of the relevant bond and debt relationship.
  4. After the membership cancellation, to block members who repeatedly re-join and terminate membership arbitrarily to take unjustified economic profits or take expedient by using other’s name without permission or engage in illegal activities in this process, member's name, account (ID), password, email information shall be preserved for one month after membership cancellation, and log records and IP information for 12 months.

Article 11 (Personal Information Retention under Related Statutes)

According to the provisions in related statutes, such as the Act on the Consumer Protection in the Electronic Commerce Transactions, etc., Sonpha shall preserve the relevant personal information of members according to the following paragraphs and shall use them only within the range of its purpose: However, in the case of a member (who has not cancel membership) whose use contract exists under the use contract of the Sonpha.com, the retention period may be longer than the mandatory retention period, and records that have expired shall be destroyed when there is a request to be deleted by the member.

  1. Records of cancellation of contracts or subscriptions, etc.: Preserved for 5 years according to the Act on the Consumer Protection in the Electronic Commerce Transactions, etc.
  2. Records of payment, supply of fortune, etc.: Preserved for 5 years according to the Act on the Consumer Protection in the Electronic Commerce Transactions, etc.
  3. Records of the handling of consumer complaints or disputes: Preserved for 3 years according to the Act on the Consumer Protection in the Electronic Commerce Transactions, etc.
  4. Records of display and advertisement: Preserved for 6 months according to the Act on the Consumer Protection in the Electronic Commerce Transactions, etc.
  5. Records of identification: Preserved for 6 months according to the Act on Promotion of Information and Communication Network Utilization and Information Protection, etc.
  6. Records of telecommunication date and time, start and end time, subscriber No., frequency of use, and location tracking data of sending base station: Preserved for a year according to the Protection of Communications Secrets Act.
  7. Data of computer communication, Internet log, access location followup: Preserved for 3 months according to the Protection of Communications Secrets Act.
  8. Records of the collection, processing, use, etc. of credit information: 3 years.

Article 12 (Procedures and Methods for Destruction of Personal Information)

  1. In case the purpose of personal information use is achieved, Sonpha shall select personal information that occurred due to destruction, and destroy the relevant personal information without delay with the approval from the person in charge of personal information protection in principle.
  2. The procedure, deadline, and method of destruction are as follows.
    1. Destruction procedures: Information inputted by the user is transferred to the separate database system (in the case of paper, to the separated document), stored for a period of time according to the internal policy and other related statutes, or destroyed immediately. At this time, the personal information transferred to the database system is not used for any other purpose unless it is under law.
    2. Destruction deadline: In case the retention period of personal information has expired, when personal information becomes unnecessary within five days from the end of the period of retention period due to the achievement of the purpose of using personal information, the abolition of the relevant service, the termination of the business, the personal information of the user shall be destroyed within five days from the date that personal information processing is deemed unnecessary.
    3. Destruction method: Personal information recorded on paper shall be shredded by a grinder or destroyed by incineration, and personal information stored in electronic file form shall be deleted using technical methods not to reproduce the records.

Article 13 (Cancellation of Consent to the Collection, Use, and Provision of Personal Information)

The members may cancel their consents to the collection, use, and provision of personal information at any time through signing up for membership, etc.

Article 14 (Member's Rights and Exercising Methods)

  1. Members may exercise the following rights to Sonpha at any time.
    1. Request to view personal information.
    2. Request to modify in case of mistakes, etc.
    3. Request to delete.
    4. Request to suspend the processing.
  2. The exercise of rights according to section 1 may be made in writing, e-mail, fax, etc. according to the form of No. 11 in the attached page of the Enforcement Decree of the Personal Information Protection Act, and Sonpha may confirm whether the request is the true intention or not by receiving voucher such as a copy of the requesting person's ID card, etc. for identification, and if it is deemed necessary to be modified or deleted, such as being identified and proved to have mistakes in personal information or passed the retention period, the measures shall be taken without delay.
  3. In case the member requests modification or deletion of personal information mistakes, etc., no relevant personal information shall be used or provided until Sonpha completes the modification or deletion. The exercise of rights under section 1 may be made through the agent, such as a legal representative of a member or delegated person. In such cases, a power of attorney according to the form of No. 11 on the attached page of the Enforcement Decree of the Personal Information Protection Act shall be submitted.

Article 15 (Right of Legal Representative)

  1. The legal representative may cancel the consent to collect, use, or provide personal information for children under the age of 14, and may request perusal of personal information or modification of mistakes provided by the relevant child.
  2. In case a legal representative of the child member under the age of 14 requests perusal or verification through landline or writing, Sonpha shall confirm whether the person making the request is a true legal representative by receiving a voucher such as the power of attorney and certificate of seal impression that proves the agency relationship and a copy of ID card of the requesting person or delegated person.

Article 16 (Restrictions on Access and Use of Personal Information)

  1. The personal information abandoned, deleted, or modified at the request of a member or legal representative shall be processed as prescribed in Articles 9 or 11, and shall not be perused or used for any other purpose.
  2. The member and legal representative can view or modify the personal information of themselves or children under the age of 14 at any time and may request the cancellation of the membership.

Article 17 (Operation of Cookies)

  1. To provide customized services to members, Sonpha operates 'Cookie', which stores and finds information for members frequently. A cookie is a very small text file that the server used to operate the website sends to the member's web browser and is sometimes stored in the member's computer hard disk.
  2. Sonpha uses Cookie for the purpose of analyzing the frequency of access and visit times of members and non-members to track their tastes and interests and providing target marketing or personalized services by identifying the degree of participation in various events and the number of visits.
  3. The members have the option of installing Cookie. Therefore, the member may allow all Cookies by setting options in the web browser, check them on all savings, or refuse to save them.
  4. As ways to reject Cookie settings according to section 3, the member may allow all Cookies by setting options in the web browser, check them on all savings, or refuse to save them. For example, the denial of cookie settings is possible through the Tools at the top of the web browser > Internet Option > Personal Information Menu.
  5. In case the member refuses to install Cookies, some services that require login may be restricted.

Article 18 (Measures against hacking, etc.))

According to Article 29 of the Personal Information Protection Act, Sonpha is taking technical, administrative, and physical measures necessary for safety assurance as follows.

  • Minimization and training of the person in charge of personal information: The policies to designate employees who handle personal information and to limit the duties to them and manage them have been implemented.
  • Implementation of regular internal audit: Internal audit is conducted regularly (once a quarter) to ensure stability related to personal information processing.
  • Establishment and implementation of internal management plan: Internal management plan is established and implemented to ensure the safe processing of personal information.
  • Encryption of personal information: Passwords of the user's personal information are encrypted, stored, and managed, so only the relevant user knows, and the important data uses separate security functions such as encryption of files or transfer data or using security functions.
  • Technical measures against hacking: To prevent personal information leakage and damage caused by hacking or computer viruses, Sonpha installs security programs, updates and inspects regularly, Installs the system in the access-restricted area, and monitors and blocks technically and physically to prevent personal information leakage and damage caused by hacking or computer viruses.
  • Access restriction to personal information: To control access to personal information through granting, changing, and erasing access rights to database systems that process personal information, necessary measures are being taken and unauthorized access from outside is controlled using a firewall system.
  • Access record keeping and forgery prevention: Access record to the personal information processing system is kept and managed for at least six months, and security functions are used to prevent forgery, theft or loss of access records.
  • Use of lock for document security: Documents containing personal information and subsidiary storage media, etc. are stored in a secure place with a locking device.
  • Access control for unauthorized persons: It is managed by placing separate physical storages with personal information by establishing the access control procedures.
  • Others: The efforts are made to prepare all possible technical devices to ensure systematic security.

Article 19 (Minimization and Training of the Person In Charge)

Employees of the personal information of Sonpha are limited to those in charge, and they are regularly renewed by receiving separate passwords, and compliance of Sonpha's privacy policy is always emphasized through frequent training for persons in charge.

Article 20 (Operation of Institution Exclusively for Personal Information Protection)

Sonpha is trying to check the performance of compliance of the privacy policy and the compliance of the person in charge through the in-house institution exclusively for personal information protection, etc., and to make effort to modify and correct the problems found. However, Sonpha is not responsible for any problems caused by the member's carelessness or the leakage of personal information due to Internet problems.

Article 21 (Responsible Person and Person In Charge for Personal Information Protection)

The member may report the relevant civil complaint, such as inquiries, complaint handling, and damage relief, etc. about personal information protection arising from using Sonpha's services to the following responsible person or department for personal information protection. Sonpha will answer and process inquiries about the principals of information without delay.

  1. Person In Charge for Personal Information Protection
    • Name: Anta Wang
    • Position: CEO
    • Contact:  [email protected]
    • ※ It will be connected to the department in charge of personal information protection.
  2. Department of personal information protection
    • Department Name: Management & Planning Team
    • Person in charge: Rita Zhou
    • Contact: [email protected]

Article 22 (Window for Personal Information Perusal)

Members can request perusal of personal information to the department below. Sonpha will try to process the request for members to peruse personal information.

  • Department Name: Management & Planning Team
  • Person in charge: Phoebe
  • Contact: [email protected]

Article 23 (Notification Methods for Privacy Policy)

  1. In case of an addition, deletion, or modification of the current privacy policy, Sonpha will notify the reason and the details for the change through the sonpha.com at least seven days prior to the modification. However, if there is an important change in user rights for the collection and utilization of personal information, it will be notified at least 30 days in advance.
  2. In case the members intend to obtain additional consent from them to use their personal information or entrust it to a third party beyond the range agreed by members, Sonpha shall notify members individually by writing, e-mail, call, etc. in advance.
  3. In case the collection, storage, processing, use, provision, management, destruction, etc. of personal information is entrusted to a third party, Sonpha shall notify the member of the fact through the privacy policy.
  4. In case the member intends to obtain consent from a legal representative to collect or use personal information of a child under the age of 14 or to provide it to a third party, Sonpha shall notify by submitting the details to the legal representative by telephone, fax, mail, child or connecting (hyperlink) by sending emails to the legal representatives so that they can see the privacy policy or reasonable methods for the notifying details to reach the legal representative.

Supplementary Provision

This privacy policy shall be implemented from November 11, 2021.