SHOPLINE Payments (hereinafter referred to as "the Company" or "we") provides payment services for online merchants (hereinafter referred to as "merchants" or "customers") and endusers that purchase items from merchants (hereinafter referred to as "consumers") (collectivelyreferred to as "data subjects", which term includes merchants and owners/shareholders, directorsor senior managers of merchants who are individuals).
This privacy policy (hereinafter referred to as "the Policy") explains how we collect, process, use, retain, share, and transfer your personal data when you browse the SHOPLINE Payments website, use the service or make payments through SHOPLINE Payments. This Policy applies solely to the personal data you provide when browsing the SHOPLINE Payments website or using the service,and does not apply to any online websites or services that we do not own or control.
Before browsing the Company's website and/or using the service, please carefully read the Policy and ensure you understand it. Only after you have understood the Policy should you begin using the website and/or service and other related services. If you disagree with any part of the Policy, you should immediately stop browsing the website and/or using the service and related services. For your convenience, please refer to Section 12 of this Policy for definitions of important terms.
Depending on the country or jurisdiction where you are accessing or browsing the Company’s website and/or using our services, and providing us with personal data, additional location-specific terms as set out in Schedule A may apply. The terms set out in Schedule A are in additionto the terms set out in the Policy, and form part of the Policy. In the event of any inconsistenciesor conflicting terms between the terms set out in this Policy and Schedule A, the location-specificterms in Schedule A shall prevail.
We only provide services to users aged 18 and above. For minors under the age of 18, the Company does not knowingly collect their personal data nor provide any service or related services to them. Before using the service and related services, please ensure that you meet the age requirement and have carefully read and understood the information in this Policy. The Company does not knowingly collect personal data from minors under 18, and you should not provide any personal data of minors to the Company in any form. If you discover that the Company has unintentionally collected personal data from a minor, please notify us immediately, and we will promptly endeavor to delete the relevant data. See further the section on Children's Privacy at Section 9 below.
We provide contact methods to ensure that you can exercise your legal rights, such as accessing and correcting your personal data, deleting your personal data, deactivating your account, withdrawing consent, and receiving timely responses. To find out more about your data subject rights and how to exercise them, please read Section 4 of this Policy. If you have any questions inrelation to our use of your personal data or this Policy, please contact us using the contact details given at Section 11 of this Policy.
Table of Contents of This Policy
1.1 Collection, Processing, and Use
(1) In accordance with Personal Data Protection Act 2012 (“PDPA”) of Singapore and applicable legal principles, and for the purpose of fulfilling SHOPLINE Payments' payment terms and providing you with the service and its services, the Company collects, processes, and uses the personal data of data subjects that you voluntarily provide during the use of the service, data generated from your use of the service, and personal data obtained from third parties.
(2) The detailed content and purposes of the personal data collected, processed, and used by the Company are specifically listed in the following table for your reference.
Personal Data Collected and Processed by theCompany
Purposes of Collection and Use
Merchants
When you register for an account with SHOPLINE Payments, log in, or actively contact SHOPLINE Payments, you may provide the Company with the following personal data related to yourself or your employees or authorized agents, including but not limited to: name, email, phone number, registered, business/operating and billing addresses, and contact number.
In some cases, we may also collect your IP address, business registration information, and tax identification number.
To verify you or your authorized agents' identity and authority.
To provide SHOPLINE Payments and related services to you (e.g., issuing transaction funds to your account) in line with our platform service terms.
To address issues or inquiries related to your use of the services.
To notify you about new features and services, and to provide marketing updates.
To help us understand, respond to, and resolve your inquiries.
You provide payment information, including payment card or bank account numbers, and bank account details.
To establish and maintain your SHOPLINE Payments account and to provide the related services and features to you.
When, after having registered for an account, you apply to use SHOPLINE Payments services, you provide us with additional personal data, including your contact information, address, company, gender, nationality/region, ID (including type, number andphoto), date of birth, residential address, property registration, partnership agreement, share holding percentage (if you are an owner or director of a merchant), banking information (including account type, account name, account number, BIC / SWIFT or IBAN codes and bank statement/s), information related to your store such as name/tradingname/handle, sales type, main products sold, and estimated monthly store revenue and business-related information (if you are an individual business owner), details about the nature of your business, transaction history, and store operational status.
To monitor transaction risks and related legal obligations, including legal compliance (e.g.,fraud prevention, suspicious activity monitoring, anti-money laundering, and counter-terrorism financing).
To conduct "Know Your Customer" checks and other checks as required under applicable laws, and monitor transaction risks and related legal obligations, including legal compliance (e.g., fraud prevention, suspicious activity monitoring, anti-money laundering, and counter-terrorism financing) obligations to allow us to fulfil our regulatory requirements for customer due diligence and name screening.
To analyze and improve services to make them more personalized and user-friendly.
To help us understand, respond to, and resolve your inquiries.
Data subjects (consumers, and merchants that are individuals)
When you complete a payment process, you provide the Company with or the Company collects the following personal data, including but not limited to:
Merchants
Information relating to the merchant's store and therelevant transaction, payment and delivery, such asmerchant name and store name, merchant city,transaction time, payment details.
Consumers
Payment card information (such as cardholder name, card BIN, issuing bank and country, cardnumber, expiration year and month and issuing bank), contact number, email address, shipping information (product information, recipient name, delivery address, logistics information), IP address and IP country.
To provide SHOPLINE payment services and complete the payment process.
To monitor transaction fraud and risk control, handle consumer disputes, and comply with legal requirements (including fulfilling customer audits and investigations, anti-money laundering, and counter-terrorism financing regulations).
To identify and resolve issues and faults, as well as improve the SHOPLINE Payments platform and related services.
The Company collects information, which may include personal data, through "cookies," "user agents," or similar technologies that collect data from devices used by you (including your employees and authorized agents), including frequently used device information, IP address, device model, device identifiers, operating system, browser, service providers, and logs (logs related to your platform activity and the internet browsing history).
To monitor transaction fraud and risk control, handle consumer disputes, and comply with legal requirements (including on fraud prevention, suspicious activity monitoring, fulfilling customer audits and investigations, anti-money laundering, and counter-terrorism financing).
To analyze data and provide more personalized and tailored services to you.
Logs are saved and used for diagnosis, including network disconnections, system lags, click events.
To identify and resolve technical issues and faults, as well as to analyze and improve the SHOPLINE Payments platform and related services, such as to make them more personalized and user friendly.
1.2 Providing personal data belonging to others.
In certain circumstances, you may provide us with personal data of persons other than yourself. If you do so, you represent and warrant that you have brought this Privacy Policy to his / her attention, informed him / her of the purposes for which we are collecting his / her personal data and that he / she has consented to your disclosure of his / her personal data to us for those purposes and accepts the Policy.
1.3 Accuracy and completeness of personal data.
You are responsible for ensuring that all personal data that you provide to us is true, accurate and complete. You are responsible for informing us of any changes to your personal data.
1.4 Legal basis to collect, use, and disclose personal data.
We will only collect, use, and disclose your personal data where your consent has been obtained, where it is necessary for our legitimate interest (or those of a third party) and your interests and fundamental rights do not override those interests, where we need to perform a contract with you, or where we need to comply with legal obligations. We will conduct legitimate interest assessments in line with the PDPA to ensure your rights are not overridden by our interests.
1.5 If You Decide not to Provide Personal Data
You may decide not to provide some or any of your personal data to us. However, if you do not provide it, we may not be able to provide you with access to certain information or services.
The Company only shares personal data for the legitimate and lawful purposes listed above, such as to provide services to the data subject. When disclosing personal data to third parties, we will enter into contracts with these third parties to protect your personal data in a manner that is consistent with the PDPA.
2.1 Service Providers
To deliver, communicate, market, and promote our services, we rely on third party service providers. These providers offer key services that assist us in providing the SHOPLINE Payments platform and services, including but not limited to cloud infrastructure, sanctions and politically-exposed parties (PEP) screening, transaction and fraud monitoring, post-transaction monitoringand content monitoring (including but not limited to Amazon Web Services (AWS) Cloud, WorldCheck, Cybersource, Actimize and Ever Compliant), conducting analyses to assess the speed, accuracy, and/or security of our services, verifying identities, and providing customer service and audit functions. We authorize these service providers to use or disclose the personal data we provide them to deliver services on our behalf and comply with relevant legal obligations. We require these service providers to contractually ensure the security and confidentiality of the personal data they process on our behalf. Most of our service providers are located in Singapore and the United States.
2.2 Payment/Financial Partners
When we are processing an order or other transaction via the SHOPLINE Payments platform and related services, we will share your personal data including payment information (such as credit ordebit card details) with partners as part of our service arrangements with them to facilitate the operation of the SHOPLINE Payments platform and provide our services. The Company will provide these partners with the necessary information to facilitate the operation of the SHOPLINE Payments platform and provide our services.
2.3 Professional Advisors
Where necessary we will share your personal data with our professional advisors such as our lawyers, accountants and auditors.
2.4 Other disclosures
The Company may share your personal data, including consumers' personal data, with third parties in one or more of the following circumstances:
(1) When the Company is required to disclose personal data by applicable law, such as to law enforcement bodies, governmental and regulatory bodies, the courts and other competent authorities that may request personal data in connection with any inquiry, court order, or other legal or regulatory procedures which we would need to comply with;
(2) To other companies in the SHOPLINE group, who will act as independent date controllers, joint controllers, or data processors (depending on the purpose for which the group entity receives the data), to provide merchants with SHOPLINE Payments products and/or services, recommend information that may interest them, identify abnormal user accounts, protect the personal and property safety of SHOPLINE Payments affiliates or other users and the public, and provide IT and system administration and other management or administration service ssuch as customer service and complaints handling;
(3) To establish or protect our legal rights, property or safety, or the rights, property or safety of others, or to defend against legal claims; and
(4) In connection with any reorganisation, company acquisition, merger, restructuring, transfer of our business or assets, bankruptcy or insolvency, or change in the operational entity.
2.5 Public Disclosure
In principle, the Company will not disclose your personal data to the public, except as agreed under your contract or as required by applicable laws or orders.
3.1 Retention Period
While you are using the SHOPLINE Payments platform and/or services, the Company will continue to retain the personal data of merchants and consumers for as long as needed for the purposes for which it was obtained. This includes for example, retaining "Know Your Customer" personal data for at least six years after the end of the business relationship, and transaction datain relation to consumer sales through the SHOPLINE Payments platform for seven years after completion of the transaction, regardless of whether the business relationship ends during thisperiod.
Under applicable data protection law, you have certain rights in relation to your personal data. Please note that many of these rights are not absolute and we may have grounds to not fully comply with your request to exercise them (for example, where we are (a) required or permitted by applicable law to process your personal data in a way that is incompatible with your request, or(b) able to rely on exemptions under applicable data protection law which entitle us to process your personal data in a way that is incompatible with your request). Where such circumstances apply, we will inform you when we respond to your request to exercise your rights.
4.1 Rights to Access
You have the right to request to be provided with your personal data in our possession and the right to ask for details on how we have used your personal.
4.2 Rights to Correction
You have the right to make corrections to your inaccurate or outdated personal data in our possession. We will respond to your request for access as soon as reasonably possible. If we are unable to provide you with the requested personal data, we will inform you why we are not able to do so (except where we are not required to do so by applicable laws).
4.3 Rights to withdrawal of consents to data subject
You have the right to withdraw your consent to our usage of your personal data. Withdrawal of consent may be made in writing to our contact email in Section 11.
4.4 Rights you may enjoy.
If you wish to exercise any of your rights under the PDPA, you may contact us through Feedback Hub. We may require that you submit certain forms or provide certain information to process your request.
The Company takes the security of your personal data very seriously. We have implemented industry-standard security technologies, organizational frameworks, and management systems to provide multi-level protection measures to prevent your personal data from being leaked, damaged, misused, or accessed, disclosed, or altered without authorization. Specific measures include:
5.1 Data Security Technology Measures
To ensure information security, the Company has obtained PCI-DSS Level 1 certification and strives to adopt various reasonable security measures to protect personal data, reducing the likelihood of merchant and consumer data leakage, damage, or loss. We use encryption technologies, such as SSL, to secure data during transmission and employ proper protection mechanisms to prevent malicious attacks. The Company uses encryption storage and access control mechanisms for personal data to prevent unauthorized access, disclosure, use, alteration, accidental damage, or loss of your and your consumers' personal data.
5.2 Personnel Organizational and Management Measures
The Company has established internal control management processes for personal data based on the principle of minimum necessity, setting information access permissions for employees who may come into contact with your and your consumers' personal data, and controlling the scope of knowledge regarding personal data.
We have internal rules for data security usage and apply strict management to employees or outsourced personnel who may handle personal data, including, but not limited to: setting different access levels based on job roles, signing confidentiality agreements with employees and/or outsourced personnel, and conducting regular audits of employee and/or outsourced personnel operations.
Our employees participate in regular (at least once every 12 months) security and privacy protection training to raise awareness of the importance of protecting personal data.
We may transfer your personal data to different jurisdictions outside of Singapore as described in the Privacy Policy. Where we transfer your personal data across jurisdictions, we will ensure that your personal data is protected in accordance with this Privacy Policy regardless of the jurisdictions they are transferred to, and in any event to a level that is no less stringent than level of protection required under the PDPA.
A cookie is a small piece of data stored on the data subject's computer, mobile phone, or other smart terminal device by a website or related server when the data subject logs into a website or browses online content. Cookies typically contain an identifier, the website name, and some numbers and characters. When the data subject revisits the website, the site can recognize the data subject’s browser through the cookie. Cookies may store user preferences and other information.
Merchants may cancel their SHOPLINE Payments account or any Company product in accordance with the SHOPLINE Payments service terms and other applicable provisions. You acknowledge and understand that canceling your platform account will result in the permanent loss of access to your account and the data and content within it. The Company will cancel your account after verifying your identity and resolving any outstanding assets in your account. After account cancellation, unless personal data retention is required by law, the Company will delete or anonymize your personal data without undue delay.
Please note that account cancellation is irreversible. Once your account is canceled, the Company will no longer collect your personal data, provide you with its products and/or services, or share data processed by the Company in connection with the SHOPLINE Payments service, regardless of whether you later restart your account with the same registration information, although if you restart your account further personal data may be collected at that point. The personal data you previously provided will also no longer be available for copy. Therefore, please carefully considerand back up any important data before canceling your account.
Our services are not for children under the age of 13. We do not knowingly collect personal information from children under 13 years of age. Individuals under the age of 13 should only use our services with the permission and under the supervision of a parent or guardian. Individuals under the age of 13 should not attempt to provide us with any personal information. If you think we have received personal information from children under the age of 13, please contact us immediately.
The Company may revise the terms of this Policy (including Schedule A and/or the Annexes contained therein) from time to time as our privacy practices change, or as required by applicable legal or regulatory requirements, and such revisions will become part of this Policy. Where it is practicable the Company will notify you of any significant changes (such as if there are significant changes in the Company's service model, like changes to the purpose of personal data processing), we will notify you by the way of notice on our website or email. In such cases, if you disagree with the Policy, or have objections to any changes or updates, you may choose to stop using the Company’s products and/or services or cancel your account. However, please be aware that any actions and activities you conducted before account cancellation or cessation of platform usage will still be governed by this Policy.
If you have any questions, comments, or suggestions regarding the content of this Policy or our handling of your personal data (including any requests to exercise your legal rights), you can contact us via the following (and the entity named for your country is the controller of your personal data for the purposes of this Policy):
Name
Address
Contact
SHOPLINE COMMERCEPTE LIMITED
180 Cecil Street #10-02, BangkokBank Building, Singapore 069546
If you have any privacyquestions or concerns, pleasesubmit your complaintthrough the Feedback Hub.
Shopline Holdings Limited
Room 1801-07, 18/F, Leighton Centre, 77 Leighton Road, Causeway Bay, Hong Kong
SHOPLINE (M) SDN. BHD.
17-08 & 17-09, Tower A, The Vertical Business Suite, No. 8Jalan Kerinchi, Bangsar South City, 59200 Kuala Lumpur, W.P Kuala Lumpur, Malaysia
Shopline Australia Pty. Ltd.
SUITE 5, LEVEL 17, 1-7
BLIGH STREET, SYDNEY NSW
2000, Australia
SHOPLINE TECHNOLOGY (UK) LIMITED
Suite 1, 7th Floor 50 Broadway, London, United Kingdom, SW1H0DB
SHOPLINE US INC
156 W 56th St Fl 3 New York, NY 10019
12.1 You: Refers to (1) our customers, whether free or paid registered merchant users of SHOPLINE Payments and/or their directors, employees and/or authorized personnel, and/or (2)consumers who complete payments through SHOPLINE Payments.
12.2 Personal Data: Refers to various information recorded in paper, electronic, or other formsthat can identify a specific natural person or reflect the activities of a specific natural person, either alone or in combination with other information. Personal data covered by this Policy may include name, date of birth, identification number, address, email, contact information, communication records and content, password, financial information, etc.
12.3 Special Personal Data: Refers to medical history, medical care, genetic information, sexual activities, health checks, and criminal records. In principle, the Company does not collect special personal data, but in rare circumstances, we may collect criminal records, but in such circumstances, we would do so only as required or permitted by law.
If you are in California, Hong Kong, United Kingdom or European Economic Area then in addition to the information set out in the main body of the Privacy Policy the information in the relevant Privacy Law Appendix below also applies to how SHOPLINE Payments collects and processes personal data about you.
If you are in California, Hong Kong, United Kingdom or European Economic Area then in addition to the information set out in the main body of the Privacy Policy the information in the relevant Privacy Law Appendix below also applies to how SHOPLINE Payments collects and processes personal data about you.
(a) where you have provided us with your consent, such as for direct marketing communications, when consent for marketing is required under applicable law (and you have a right to object to processing of your personal data for direct marketing purposes);
(b) where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
(c) where we need to perform a contract with you; or
(d) where we need to comply with a legal obligation (for example, responding to governmentor law enforcement request).
Please note that that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data. Please contact us using the contact details at Section 11 of this Policy if you need further details about the specific legal grounds we are relying on to process your personal data where more than one ground has been set out in the table below.
Personal Data Collected and Processed by the Company
Purposes of Collection and Use
Lawful basis for processing, including any legitimate interest pursued
Merchants
When you register for an account with SHOPLINE Payments, log in,or actively contact SHOPLINE Payments, you may provide the Company with the following personal data related to yourself or your employees or authorized agents, including but not limited to: name, email, phone number, registered, business/operating and billing addresses, and contact number. In some cases, we may also collect your IP address, business registration information, and tax identification number.
To verify you or your authorized agents' identity and authority.
To provide SHOPLINE Payments and related services to you (e.g., issuing transaction funds to your account) in line with our platform service terms.
To address issues or inquiries related to your use of the services.
To notify you about new features and services, and to provide marketing updates.
To help us understand, respond to, and resolve your inquiries.
To perform our contract with you.
Necessary for our legitimate interests (to verify identity and prevent fraud, notify about new features, provide updates and resolve issues related to service use).
To meet our legal obligations.
You provide payment information, including payment card or bank account numbers, and bank account details.
When, after having registered for an account, you apply to use SHOPLINE Payments services, you provide us with additional personal data, including your contact information, address, company, gender, nationality/region, ID (including type, number and photo), date of birth, residential address, property registration, partnership agreement, shareholding percentage (if you are an owner or director of a merchant), banking information (including account type, account name, account number, BIC /SWIFT or IBAN codes and bank statement/s), information related to your store such as name/tradingname/handle, sales type, main products sold, and estimated monthly store revenue and business-related information (if you are an individual business owner), details about the nature of your business, transaction history, and store operational status.
To establish and maintain your SHOPLINE Payments account and to provide the related services and features to you.
To monitor transaction risks and related legal obligations, including legal compliance (e.g.,fraud prevention, suspicious activity monitoring, anti-money laundering, and counter-terrorism financing).
To conduct "Know Your Customer" checks and other checks as required under applicable laws, and monitor transaction risks and related legal obligations, including legal compliance (e.g., fraud prevention, suspicious activity monitoring, anti-money laundering, and counter-terrorism financing) obligations to allow us to fulfil our regulatory requirements for customer due diligence and name screening.
To analyze and improve services to make them more personalized and user-friendly.
To help us understand, respond to, and resolve your inquiries.
To perform our contract with you.
To meet our legal obligations (e.g., fraud prevention, suspicious activity monitoring).
To meet our legal obligations.
To perform our contract with you.
Necessary for our legitimate interests (such as to improve and analyze our services and respond to your inquiries).
Data subjects (consumers, and merchants that are individuals)
When you complete a payment process, you provide the Company with or the Company collects the following personal data, including but not limited to:
Merchants
Information relating to the merchant's store and therelevant transaction, payment and delivery, such asmerchant name and store name, merchant city,transaction time, payment details.
Consumers
Payment card information (such as cardholder name, card BIN, issuing bank and country, cardnumber, expiration year and month and issuing bank), contact number, email address, shipping information (product information, recipient name, delivery address, logistics information), IP address and IP country.
To provide SHOPLINE payment services and complete the payment process.
To monitor transaction fraud and risk control, handle consumer disputes, and comply with legal requirements (including fulfilling customer audits and investigations, anti-money laundering, and counter-terrorism financing regulations).
To identify and resolve issues and faults, as well as improve the SHOPLINE Payments platform and related services.
To perform our contract with you.
Necessary for our legitimate interests (such as to improve and analyze our services and respond to your inquiries).
To meet our legal obligations.
The Company collects information, which may include personal data, through "cookies," "user agents," or similar technologies that collect data from devices used by you (including your employees and authorized agents), including frequently used device information, IP address, device model, device identifiers, operating system, browser, service providers, and logs (logs related to your platform activity and the internet browsing history).
To monitor transaction fraud and risk control, handle consumer disputes, and comply with legal requirements (including on fraud prevention, suspicious activity monitoring, fulfilling customer audits and investigations, anti-money laundering, and counter-terrorism financing).
To analyze data and provide more personalized and tailored services to you.
Logs are saved and used for diagnosis, including network disconnections, system lags, click events.
To identify and resolve technical issues and faults, as well as to analyze and improve the SHOPLINE Payments platform and related services, such as to make them more personalized and user friendly.
To meet our legal obligations.
Necessary for our legitimate interests (such as to improve and analyze our services and respond to your inquiries).
If you are in the UK or EEA, the following rights apply:
2.1 Right to Request Access
You have the right to obtain specific information about the processing of your personal data, as well as copies of such personal data, free of charge. If you are a merchant, you can log in to your SHOPLINE Payments account at any time to view your personal data.
2.2 Right to Rectification
You have the right to correct your personal data or supplement incomplete data without undue delay, if your personal data is inaccurate.
2.3 Request to Restrict Processing of Personal Data
In some situations, you may have the right to contact the Company to request the restriction of processing of your personal data (such as where the personal data has been unlawfully processedor its accuracy is in the process of being verified/corrected), following which we will not processit (except for storage) unless you consent or unless the processing is for reasons such as the establishment, exercise or defence of legal claims, the protection of the rights of another individual or legal person, or important public interest, in which case the Company may retain your communication and transaction records for the duration allowed by law.
2.4 Request to Erasure
You may contact the Company to request the deletion of your personal data (also known as the "right to be forgotten") without undue delay on various grounds, such as where the personal datais no longer necessary for the purposes for which it was originally collected or processed.
2.6 Right to Data Portability
You have the right in certain circumstances to receive your personal data that you have provided to us, in a structured, commonly used and machine-readable format, and to transmit such information to another controller.
2.7 Right to Withdraw Consent
Where we process your personal data based on consent, you have the right to withdraw consent at any time. However, this will not affect the lawfulness of any processing conducted based on consent before any such withdrawal. Furthermore, even in case of a withdrawal we may continue to use your personal data as permitted or required by law.
2.8 Right to Make a Complaint
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (Tel: 0303 123 1113 or at www.ico.org.uk), or to the data protection supervisory authority in the Member State of the European Union in which you are resident. We would, however, appreciate the opportunity to address your concerns before you approach the ICO or another supervisory authority, so please contact us in the first instance.
2.9 Automated Decision-Making
We use automated systems to monitor transactions for potential fraudulent activity. Alerts may be triggered if your behavior resembles known fraudulent patterns, deviates significantly from your usual behavior, or suggests deliberate concealment of your identity. If no alerts are triggered, the transaction will proceed as usual. However, if an alert is generated indicating potential fraud, the transaction will be flagged for manual review. A member of our team will evaluate the situation and take appropriate action, which may include adjusting or declining the transaction. You have the right to contest any automated decision that has a legal or similarly significant impact on you. If you wish to have such a decision reviewed, please refer to the contact information provided in Section 10 of this Policy.
2.10 What we may need from you
We may need to request specific information from you to help us confirm your identity and to ensure your right to access your personal data or access someone else's personal data on their behalf (or to exercise any of the other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
2.11 How to Exercise Your Rights, and Responding to Your Requests
To exercise your rights under this section you can contact the Company using the contact methods provided at Section 11 in this Policy. We try to respond to all legitimate requests within one month although occasionally it could take us longer than a month; for example, if your request is particularly complex or if you have made a number of requests, this may be extended to an additional two months. To ensure security, the Company may first verify your identity before processing your request.
The Company provides this platform and SHOPLINE Payments services across multiple countries and regions. We may share your personal data within our group, which may involve transferring your personal data outside the EEA and/or UK. Some of our third-party service providers, partners or affiliates are also based outside the EEA and/or UK, so their processing of your personal data may involve a transfer of personal data outside the EEA and/or UK. Generally, your personal data is stored in Singapore and the United States.
Whenever we transfer your personal information out of the EEA and/or UK, we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data; or
We will take measures to comply with applicable data protection laws related to such transfers and use appropriate transfer solutions for any transfers of data outside the EEA and/or UK, such as the Standard Contractual Clauses. You can obtain a copy of the adequate safeguards which we rely upon to make any transfer outside the UK and EEA by contactingus using the details in Section 11.
If you reside in the US, you have the following rights:
1.1 Right to Know
You have the right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which the personal informationis collected, the business or commercial purpose for collecting personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about you.
1.2 Right to Delete
You have the right to request that we delete certain personal information we have collected from you.
1.3 Right to Correct
You have the right to correct inaccurate personal information that we maintain about you.
1.4 Right to Opt-Out of Sale or Share
We do not “sell” your personal information because we do not provide it to third parties in exchange for money or any other benefit as defined by California law. We also do not “share” your personal information as defined by California law because we do not provide it to third parties for cross context behavioral advertising.
1.5 Right to Opt-Out of Targeted Advertising
You have the right to op-out of targeted advertising.
1.6 Right to Opt-Out of Profiling
You may request to op-out of profiling in furtherance of a decision that produces a legal or similarly legal effect, or request to learn about the logic involved in decision making processes.
1.7 Right to Portability
You have the right to obtain your personal data and a list of third parties to which we have disclosed your personal data in a portable, and to the extent technically feasible, readily useable format, which you can use to transmit your data to another entity.
1.8 The Right to Appeal
You may appeal our decision to your request regarding your personal information. To do so, please contact us in any of the ways listed in Section 11. We respond to all appeal requests as soon as we reasonably can, and no later than legally required.
If you direct us not to sell/share your personal information, we will consider it a request pursuant to California’s “Shine the Light” law to stop sharing your personal information covered by that law with third parties for their direct marketing purposes. Please know that the privacy right soutlined above are subject to exceptions. We will confirm receipt of every request within 10 business days and respond to every request within 45 calendar days. We may extend that response time as appropriate, if permitted. We will not retaliate or discriminate against you for exercisingany of these privacy rights.
Requests to exercise privacy rights must be verified. This process may require us to request additional personal information from you in order to authenticate your identity. In certain circumstances, we may decline a request to exercise a privacy right, particularly where we are unable to verify your identity.
You may designate an authorized agent to make a request on your behalf. An authorized agent must have written documentation of their authority to act on your behalf, such as receiving: (i) a power of attorney; or (ii) sufficient evidence to show that the individual has provided the authorized agent signed permission to act on their behalf, verified the individual’s own identity directly with us pursuant to the procedures above, and directly confirmed with us the individual provided the authorized agent permission to submit the request on their behalf.
This appendix seeks to provide additional information to residents of United Stated and California and supplements the information provided in the Privacy Policy. As discussed in the Privacy Policy in further detail, we do not “sell” or “share” any personal information as those terms are defined under California privacy law.
To learn more about the categories of personal information we collect, how we collect it, why we collect it, with whom we share it, and how long we retain it, please see the items below. To submit a privacy request, please see the instructions provided in the Privacy Policy.
Category
What we collect
How we collect it
Why we collect it
With whom we share it
How long we retain it
Identifiers
Such as, name, email, phone number, registered business/operating billing address and contact number, IP address, business registration number, tax identification number or other similar identifiers.
For more information please see the What Personal Data Do we Collect, Process, and Use? section of the Privacy Policy.
Collected directly orindirectly through your use of the service or obtained from third parties.
For more information please see the Collection, Processing and Use section of the Privacy Policy.
We collect this information for the purposes listed in the What Personal Data Do We Collect, Process, and Use? section of this privacy policy.
Shared with our affiliates, subsidiaries, partners, vendors, and service providers as described in the Do We Share Personal Data section of this Privacy Policy above.
This includes for example, retaining "Know Your Customer" for at least six years after the end of the business relationship, and transaction data in relation to consumer sales through the SHOPLINE Payments platform for seven years after completion of the transaction, regardless of whether the business relationship ends during this period.
Protected classification characteristics under California or federal law
Nationality and gender.
For more information please see the What Personal Data Do we Collect, Process, and Use? section of the Privacy Policy.
Collected directly or indirectly through your use of the service or obtained from third parties.
For more information please see the Collection, Processing and Use section of the Privacy Policy.
We collect this information for the purposes listed in the What Personal Data Do We Collect, Process, and Use? section of this privacy policy.
Shared with our affiliates, subsidiaries, partners, vendors, and service providers as described in the Do We Share Personal Data section of this Privacy Policy above.
This includes for example, retaining "Know Your Customer" for at least six years after the end of the business relationship, and transaction data in relation to consumer sales through the SHOPLINE Payments platform for seven years after completion of the transaction, regardless of whether the business relationship ends during this period.
Commercial information
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
For more information please see the What Personal Data Do we Collect, Process, and Use? section of the Privacy Policy.
Collected directly or indirectly through your use of the service or obtained from third parties.
For more information please see the Collection, Processing and Use section of the Privacy Policy.
We collect this information for the purposes listed in the What Personal Data Do We Collect, Process, and Use? section of this privacy policy.
Shared with our affiliates, subsidiaries, partners, vendors, and service providers as described in the Do We Share Personal Data section of this Privacy Policy above.
This includes for example, retaining "Know Your Customer" for at least six years after the end of the business relationship, and transaction data in relation to consumer sales through the SHOPLINE Payments platform for seven years after completion of the transaction, regardless of whether the business relationship ends during this period.
Commercial information
Bank account number, credit card number, debit card number, or any other financial information.
For more information please see the What Personal Data Do we Collect, Process, and Use? section of the Privacy Policy.
Collected directly or indirectly through your use of the service or obtained from third parties.
For more information please see the Collection, Processing and Use section of the Privacy Policy.
We collect this information for the purposes listed in the What Personal Data Do We Collect, Process, and Use? section of this privacy policy.
Shared with our affiliates, subsidiaries, partners, vendors, and service providers as described in the Do We Share Personal Data section of this Privacy Policy above.
This includes for example, retaining "Know Your Customer" for at least six years after the end of the business relationship, and transaction data in relation to consumer sales through the SHOPLINE Payments platform for seven years after completion of the transaction, regardless of whether the business relationship ends during this period.
Biometric information
N/A
N/A
N/A
N/A
N/A
Internet or other similar network activity
Information on a customer’s interaction with our services including websites, applications, or advertisements.
For more information please see the What Personal Data Do we Collect, Process, and Use? section of the Privacy Policy.
Collected directly or indirectly through your use of the service or obtained from third parties.
For more information please see the Collection, Processing and Use section of the Privacy Policy.
We collect this information for the purposes listed in the What Personal Data Do We Collect, Process, and Use? section of this privacy policy.
Shared with our affiliates, subsidiaries, partners, vendors, and service providers as described in the Do We Share Personal Data section of this Privacy Policy above.
This includes for example, retaining "Know Your Customer" for at least six years after the end of the business relationship, and transaction data in relation to consumer sales through the SHOPLINE Payments platform for seven years after completion of the transaction, regardless of whether the business relationship ends during this period.
Geolocation data
In some instances IP addresses are collected.
For more information please see the What Personal Data Do we Collect, Process, and Use? section of the Privacy Policy.
Collected directly or indirectly through your use of the service or obtained from third parties.
For more information please see the Collection, Processing and Use section of the Privacy Policy.
We collect this information for the purposes listed in the What Personal Data Do We Collect, Process, and Use? section of this privacy policy.
Shared with our affiliates, subsidiaries, partners, vendors, and service providers as described in the Do We Share Personal Data section of this Privacy Policy above.
This includes for example, retaining "Know Your Customer" for at least six years after the end of the business relationship, and transaction data in relation to consumer sales through the SHOPLINE Payments platform for seven years after completion of the transaction, regardless of whether the business relationship ends during this period.
Sensory data (Audio, video, etc.)
N/A
N/A
N/A
N/A
N/A
Professional or employment - related information
N/A
N/A
N/A
N/A
N/A
Non-public education information
N/A
N/A
N/A
N/A
N/A
Inferences drawn from other personal information
Information generated from your use of our services.
For more information please see the What Personal Data Do we Collect, Process, and Use? section of the Privacy Policy.
Collected directly or indirectly through your use of the service or obtained from third parties.
For more information please see the Collection, Processing and Use section of the Privacy Policy.
We collect this information for the purposes listed in the What Personal Data Do We Collect, Process, and Use? section of this privacy policy.
Shared with our affiliates, subsidiaries, partners, vendors, and service providers as described in the Do We Share Personal Data section of this Privacy Policy above.
This includes for example, retaining "Know Your Customer" for at least six years after the end of the business relationship, and transaction data in relation to consumer sales through the SHOPLINE Payments platform for seven years after completion of the transaction, regardless of whether the business relationship ends during this period.
Sensitive personal information
Precise Geolocation.
For more information please see the What Personal Data Do we Collect, Process, and Use? section of the Privacy Policy.
Collected directly or indirectly through your use of the service or obtained from third parties.
For more information please see the Collection, Processing and Use section of the Privacy Policy.
We collect this information for the purposes listed in the What Personal Data Do We Collect, Process, and Use? section of this privacy policy.
Shared with our affiliates, subsidiaries, partners, vendors, and service providers as described in the Do We Share Personal Data section of this Privacy Policy above.
This includes for example, retaining "Know Your Customer" for at least six years after the end of the business relationship, and transaction data in relation to consumer sales through the SHOPLINE Payments platform for seven years after completion of the transaction, regardless of whether the business relationship ends during this period.
1.1 Applicability of additional terms. The terms set out in this Hong Kong Privacy Law Appendix shall apply to you if you are located in, and accessing or browsing the Company’s website and/or using our services from Hong Kong.
1.2 This section outlines the Company’s compliance with the Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”) of Hong Kong. The Company is committed to safeguarding your personal data in accordance with this law.
1.3 In addition to the terms outlined in the Privacy Policy, if you are accessing our website and utilising our services from Hong Kong, you acknowledge and agree that your personal data may be transferred, stored, and processed in locations outside of Hong Kong. You also consent to the collection, processing, and use of your personal data in accordance with the Privacy Policy and applicable laws and regulations of Hong Kong, including but not limited to the PDPO.
1.4 The parties to whom we disclose and/or transfer your personal data may be situated outside of Hong Kong where there may not be in place data protection laws which are substantially similar to, or serve the same purposes as, the PDPO.
1.5 The Company reserves the right to update or modify these terms at any time. Any changes will be effective immediately upon posting on our website. It is your responsibility to review these terms periodically for updates.
1.6 The Company must acquire informed consent before using your personal data for the purposes stated in section 2 of the Privacy Policy.
1.7 You may at any time request access to and correct personal data relating to you in any ofour records. You may also ask us to delete your personal data from any active mailing or distribution list. In response, we may ask you to provide certain details about yourself so that we can be sure you are the person to whom the data refers. We are required to respond to your requests within 30 days. We may also charge you a reasonable fee for complying with any data access request.
1.8 If you are under the age of 18, you must have a legal representative such as a parent or guardian accepting this Privacy Policy on your behalf before providing any personal data to us.
1.9 If you have any questions or concerns about these terms or our Privacy Policy, please contact us from Feedback Hub.
