Coupa is committed to providing the Coupa Business Spend Management platform to our customers in compliance with applicable laws and regulations in general and data privacy laws including, but not limited to, the EU General Data Protection Regulation (“GDPR”).
We seek to partner with our customers and their users to help them understand how we achieve data privacy compliance as a processor and how the Coupa platform enables our customers to achieve data privacy compliance as a controller.
This website provides more details on Coupa’s approach to data privacy compliance and offers additional insight into operational details.
Furthermore, customers can download copies of our third-party audit reports and certifications from the Security and Compliance page on the Coupa Support Portal. Other interested parties in Coupa compliance reports and certifications can access these reports through the Coupa Compliance Reports Self-Serve Portal.
- Quick Guide: Coupa's Global Privacy Program
- Our customers do business worldwide, and our privacy program reflects the international footprint of their operations. In this quick guide, we describe our global privacy program and how it can support your compliance efforts.
- Quick Guide: Data Management
- Understanding data management on the Coupa Business Spend Management platform is an important component when it comes to user management. In this quick guide, we provide you with more information and a how-to guide to get to results fast.
- Quick Guide: Data Processing Agreement
- This quick guide provides you with an overview of the Coupa DPA and our rational for using our template.
- Quick Guide: Subprocessors
- Coupa engages third-party suppliers in the context of the provision of the Coupa Business Spend Management platform. Some of these third-party suppliers may have access to, and process, customer data, including customer personal data and are considered subprocessors under GDPR. In this quick guide, we provide you with more information on who these subprocessors are and what services Coupa is procuring from them.
- Exari Privacy Shield Privacy Statement
- The Exari Privacy Shield Privacy Statement describes the Privacy Principles and establishes how Exari Group, Inc. and Exari Systems, Inc. (together, “Exari”) comply with those Principles. This Privacy Shield Privacy Statement covers personal data about data subjects who are citizens of any EEA member state, or the United Kingdom, or of Switzerland, where the personal data is transferred to, and/or processed in, the United States.
- LLamasoft Privacy Notice
- This LLamasoft Privacy Notice discloses the information practices for LLamasoft, Inc., and its global subsidiaries (“LLamasoft”), including what type of personal data is gathered and tracked, how the information is used, and with whom the information is shared. This Privacy Notice applies to persons in all jurisdictions and aims to inform you about the scope and purpose of the personal data we collect, use and process.
- LLamasoft Privacy Shield Statement
- The LLamasoft Privacy Shield Privacy Statement describes the Privacy Principles and establishes how LLamasoft, Inc. and Opex Analytics LLC (together, “LLamasoft”) comply with those Principles. This Privacy Shield Privacy Statement covers personal data about data subjects who are citizens of any EEA member state, or the United Kingdom, or of Switzerland, where the personal data is transferred to, and/or processed in, the United States.
Legal Disclaimer - This website is provided for informational purposes only and should not be considered as a contractual commitment or legal advice and does not discuss other privacy-related laws or regulations that may also be relevant to our customers and prospects, including any industry-specific requirements. The relevant privacy and data protection laws and regulations applicable to individual companies will depend on several factors, including but not limited to where a company conducts its business, the industry in which it operates, the type of content it wishes to store, where or from whom the content originates, and where the content will be stored.