SHOPLINE aims to provide merchants (hereinafter referred to as "you" or"merchants") a “Software as a Service” platform (hereinafter referred to as “SHOPLINE” or the “Platform”) with all-in-one solutions for website building, leads generation, payments, logistics and other e-commerce related services.
When you visit our websites and use the Platform, we may collect and use personal information about you (including your employees and/or persons who act on your behalf). We may also collect and use personal information from your customers on your behalf under your entrustment if they visit or purchase on the SHOPLINE empowered store. We are fully aware of the importance of personal information to you and your customers (collectively the “Personal Data Subjects”) and we are committed to ensure integrity and security of the Platform.
1. What we collect and how we use personal information
2. How we use “cookies” and other similar tracking technologies
3. How we process, share, transfer and disclose personal information
4. How you exercise right over your personal information
5. How we retain and protect personal information
7. How to contact us
9. SHOPLINE APP permission acquisition list
10. Third-party information sharing list
(1) Authorization and consent of customers
You hereby acknowledge and authorize us to collect, store and process personal information from your customers for you to use the Platform and SHOPLINE services, and hereby undertake to us that you have obtained sufficient and necessary authorization, consent and permission from your customers for us to directly collect and use their personal information required to perform relevant services. When you provide us with personal information of any third parties (including your customers) for our further process, you shall ensure that you have obtained sufficient and necessary authorization, consent and permission from such third parties for us to process such personal information for the purpose as requested by you. Nonetheless, we reserve the right to reject your request due to legal or regulatory requirements or restraints.
(2) Exceptions to the authorization or consent requirements
According to applicable laws and regulations, the consent of the Personal Data Subject is not required for collection and use of their personal information under the following circumstances:
(1) Related to the performance of obligations under laws and regulations;
(2) Directly related to national security or national defense security;
(3) Directly related to public safety, public health and major public interests;
(4) Directly related to criminal investigation, prosecution, trials and enforcement;
(5) For the purpose of safeguarding the life, property and other major legitimate rights and interests of the Personal Data Subject or any other person, but it is difficult to obtain the authorization and consent of that person;
(6) The personal information involved is disclosed to the public by the Personal Data Subject;
(7) Necessary for signing and performing the contract as required by the Personal Data Subject;
(8) Collection from lawfully and publicly disclosed information;
(9) Maintenance as necessary for the safe and stable operation of the Platform, such as troubleshooting;
(10) Other circumstances as stipulated by laws and regulations.
(1) What are "cookies"
A cookie is a small file stored in the Personal Data Subject’s computer, mobile phone or any other smart terminal device by the website server when it logs into the website or browses website content, usually containing identifiers, site names and some numbers and characters. When the Personal Data Subject visits the website again, the website can identify the browser of the Personal Data Subject through cookies. Cookies may store user preferences and other information.
(2) How“cookies” are used
When a Personal Data Subject uses our website, we may collect the device model, operating system, device identifier and login IP address information of the Personal Data Subject through cookies or similar technologies, as well as cache the browsing information and clicking information of the Personal Data Subject, so as to view the network environment of the Personal Data Subject. Cookies allow us to identify a Personal Data Subject when it visits the website, continuously optimize the user friendliness of the website and make adjustments to the website according to the needs of the Personal Data Subject. The Personal Data Subject can also change the settings of the browser so that the browser does not accept cookies on our website, but this may affect the Personal Data Subject 's use of some features of the website.
On SHOPLINE website, with the help of cookies and other similar technologies, we can identify whether a Personal Data Subject is our user or the user’s customers each time the Personal Data Subject uses the Platform, SHOPLINE services or the store empowered by SHOPLINE, without having to re-login and authenticate on each page.
(3) How to manage “cookies”
Personal Data Subject can manage or delete certain categories of tracking technologies according to their own preferences. Many web browsers have a Do Not Track feature that sends a Do Not Track request to the website.
In addition to the controls we provide, a Personal Data Subject may choose to enable or disable cookies in their Internet browsers. Most Internet browsers also allow Personal Data Subject to choose whether to disable all cookies or only third-party cookies. By default, most Internet browsers accept cookies, but this can be changed. For more information, see the Help menu in your Internet browser or the documentation of your device.
The following links provide instructions on how to control cookies in all major browsers:
If the Personal Data Subject uses any other browser, please refer to the documentation provided by the browsers.
On SHOPLINE website, a Personal Data Subject may delete existing tracking technologies by clearing the cache.
When a Personal Data Subject browses a webpage without logging in, we will collect cookies necessary to realize the browsing feature in order to provide relevant services to the Personal Data Subject.
Please note that if a Personal Data Subject refuses to use or remove the existing tracking technologies, it is necessary to personally change the user settings at each visit, and we may not be able to provide a quality user experience to the Personal Data Subject, and some feature may not be able to function properly.
We do not share personal information with any third parties unless one or more of the following circumstances exist:
In principle, we will not transfer control of personal information to any third parties, except in the following circumstances:
Note: If transfer is necessary due to the above reasons, we will inform you of the purpose and type of transfer and transferee of the information before the transfer (we will also let you know if sensitive information is involved) and obtain your consent to such transfer, except as otherwise provided by law or regulation. The transferee will continue to perform personal information related obligations hereunder. If we go bankrupt or cease operation and there is no transferee, we will delete or anonymize your personal information.
(4) Public disclosure
In principle, we will not disclose your personal information to the public or undefined groups, except that we may disclose your personal information based on our agreement with you or according to applicable laws and regulations.
(1) Access and amend personal information
You are entitled to access your SHOPLINE account at any time to view your personal information. If you find that the personal information we collect, store, use, or disclose is incorrect or incomplete, or in other circumstances stipulated by laws and regulations, you can log in to SHOPLINE administrative panel and enter the "Personal Center" to amend or supplement your personal information.
(2) Delete personal information
Under the following circumstances, you can contact us to delete your personal information, except that the data has been anonymized or as otherwise provided by law or regulation:
Before deleting relevant information, we may require you to verify your identity to ensure the account security. Once verified and confirmed, we will delete your information from SHOPLINE products and/or server as soon as possible. However, we will retain (but not use) your contact information and transaction records within the period as permitted by law in order to prevent crimes and safeguard national security as required by regulatory authorities. Please note that we may not immediately delete the information from the backup system, and will only delete it when the backup system is updated.
(3) Account termination
You may terminate your SHOPLINE account or any of our products in accordance with SHOPLINE Terms and any other applicable terms. You acknowledge and understand that you no longer have access to your SHOPLINE accounts and data relating to your SHOPLINE account once you terminate your SHOPLINE accounts. We will terminate your accounts after verifying your identity and agreeing with you on disposal of assets in your account. After termination, we will promptly delete your personal information or anonymize it unless it is necessary to retain your personal information according to any laws or regulations.
The account termination is irreversible. Once your account is terminated, we will no longer collect your personal information and will no longer provide you with our products and/or services or share any data processed by us under such product, irrespective whether you later re-activate your account under the same registration details. Therefore, please exercise caution before you terminate your account and take all necessary actions to back up important data under your account.
(4) Restraint of automated decision-making systems
(5) Response to requests
In principle, we do not charge for your reasonable request. For repeating request in a specific period of time, we reserve the right to charge you as appropriate; for requests that require excessive technical support (e.g., the need to develop a new system or fundamentally change existing practices) or entail other significant difficulties, we will provide you with alternatives.
We will reject your request under the following circumstances:
Please note that you shall respond directly to requests made by your customers (which are not our direct clients) relating to their personal information. Unless we receive a request from you for assistance, we may forward any request we receive from your customers to you or ask your customers to seek help directly from you.
(1) Retention period
When you use the Platform and any SHOPLINE products and/or services, we will retain your and your customers’ personal information on behalf of you. We undertake that, we will only retain your and your customers’ personal information for such period as necessary to achieve the purposes as authorized by you and your customers hereunder, unless otherwise provided by law or regulation or otherwise authorized by the Personal Data Subjects.
If you terminate your SHOPLINE account or delete your information, or if we cease operation for whatever reasons, we will cease collecting your personal information and delete or anonymize personal information we have collected, in accordance with laws and regulations.
(2) Where we store personal information
As we provide the Platform and SHOPLINE products and services to users in multiple jurisdictions, you acknowledge the information and data you provided to us maybe transferred to, stored or processed outside of your country. In principle, we will store your personal information in Singapore. However, for statistical and analytical purposes, we may transfer your personal data to regions outside of Singapore. Nonetheless, we will ensure that your personal information is adequately protected as it is in the country or region where you are located and will use encryption in cross border data transfer.
(3) Protection of personal information
We take the personal information security very seriously. We have adopted technical security measures, appropriate organizational structure and management system and other protections in line with industry standards to prevent leak, damage, misuse, unauthorized use, disclosure or amendment of your personal information, including:
(a) Technical measures for data security
In order to ensure information security, we strive to take all reasonable technical measures to protect personal information, so that you and your end users' personal information will not be leaked, damaged, destroyed, or lost. We use encrypted transmission technologies such as SSL to protect the security of data transition and use appropriate protection mechanisms to prevent malicious data attacks. We adopt an encrypted storage and data permission control mechanism for personal information to prevent your and your end users' personal information from being accessed, disclosed, used or altered without authorization, or intentionally or accidentally damaged or lost.
(b) Organizational and management measures for data security
We appoint data protection officer as required by laws and regulations and set up a working group for personal information protection. We have also established relevant internal control management processes to strictly limit access to personal information to personnel to the minimum on a “need-to-know” basis.
We have established internal policies for the safe use of data and implement strict management rules for employees or contractors who may have access to your and your customers’ information, including but not limited to implementing different access controls for different roles, signing confidentiality agreements with them, and monitoring their operations.
We provide employees with trainings on security and privacy protection and require them to complete assessments, in order to enhance their awareness of the importance of personal information protection.
(c) Contractual obligations for data security
Before we collect your personal information from a third party, we will expressly require the third party in writing to obtain your explicit consent before collecting and processing your and your customers' personal information, and require the third party to guarantee the in writing legitimacy and compliance of the source of personal information. In the event of breach by the third party, we will expressly hold the third party legally liable.
Before we share your and/or your customers’ personal information with our partners, we will require our partners to hold up to their obligations and responsibilities relating to information protection. To this end, we will require our partners to sign a data processing agreement or set out the terms of data protection in a cooperation agreement signed by both parties, which stipulates that partners' confidentiality obligations, including to ensure that the custody, use and transfer of information shall satisfy our requirements and subject to our review, supervision and audit, and in the event of any breach, we will hold the counterparty legally liable.
(d) Handling of security incident
In the event of a personal information security incident, we will immediately activate the emergency plan, take remedial measures, record the incident, and report it in time in accordance with the applicable laws and regulations. If the security incident may cause serious damage to the legitimate rights and interests of you and/or your customers, such as the disclosure of sensitive personal information, we will inform you of situation of the security incident and its possible impact, the measures we have taken or are about to take, risk prevention and mitigation we recommend for you, the remedies we provide to you and/or your customers, and our contact. We will promptly inform you of the above by email, letter, telephone or notification. When it is difficult to inform the Personal Information Subject one by one, we will issue a warning notice in a reasonable and effective way.
In the event of significant or material changes, we will notify you in a prominent manner as appropriate.
Significant or material changes include but are not limited to the following circumstances:
If you are located in Singapore:
Customer service email：firstname.lastname@example.org
Data protection/security email：email@example.com
If you are located in Hong Kong, Malaysia, Thailand, Vietnam and Indonesia, and other country or region:
Customer service email：firstname.lastname@example.org
Data protection/security email：email@example.com
If you are located in Mainland China:
Customer service hotline: 400-809-2080
Data protection/security email: firstname.lastname@example.org
You: the registered seller user who uses SHOPLINE/its employees/developers/other persons authorized to operate the Platform.
Sensitive personal information: personal information that, once leaked, illegally provided or misused, may cause damage to personal or property safety, and easily lead to damage to personal reputation, physical and mental health or discriminatory treatment, including ID card number, personal biometric information, bank account, finance information, credit information, whereabouts, health and physiological information, and transaction information.
Deletion: the act of removing personal information from the system involved in the realization of routine service functions, so that it cannot be retrieved or accessed.
Anonymization: the process of technically processing personal information in an unrecoverable way that results in information that cannot identify or be associated with you.
When you use the services provided by a third party, we will share the corresponding information after obtaining or ensuring that the third party obtains your authorization and consent, as well as other cases in compliance with laws and regulations. You can know how the third party will deal with your personal information through the relevant information listed. We will also strictly restrict the third party's access to personal information to protect the security of your personal information.
We may also access the software development kit (SDK) provided by a third party to achieve to ensure the stable operation of the platform or realize relevant functions. Our access-related third-party SDKs are also listed in the following list. You can view the data use and protection rules of third-party through the links or paths provided in the directory. Please note that the type of personal information processing of third-party SDK may change due to version upgrades, policy adjustments, and other reasons. Please follow the official instructions published by it.
Personal information: name, email, IP, device information, country
Name of the third party: Joincube, Inc.
Purpose:for delivering private messages to merchants
Usage scenario: to inform merchants of product adjustment, updates, and other matters
Sharing mode: background interface transmission
Third-party personal information processing rules: https://www.getbeamer.com/privacy-policy
Tencent Cloud Web (H5) player
Personal information: equipment manufacturer, equipment model, system language type, screen resolution, operating system version number, browser type, browser version, IP address
Name of the third party: Shenzhen Tencent Computer System Co., Ltd
Purpose:for attracting audience for live broadcast
Usage scenario: businesses use SC live broadcast function
Sharing mode: background interface transmission
Third-party personal information processing rules: https://cloud.tencent.com/document/product/454/61839
Personal information: IP address, geographical location, browser type, and version, operating system, recommended source, length of access, page views
Name of the third party: QZ Industries
Purpose:for printing the user's order message
Usage scenario: to print user messages in a live broadcast scenario
Sharing mode: background interface transmission
Third-party personal information processing rules: https://qz.io/privacy/