XS
SM
MD
LG
XL
14 Days Free Trial

Compliance Center

Introduction

  • Introduction
  • SHOPLINE - Shared Responsibility Model
  • Privacy
  • PCI
  • CBPR
  • ISO

Introduction

SHOPLINE is committed to providing users with safer services and improved compliance capabilities. The Compliance Center will introduce the responsibilities and obligations between SHOPLINE, customers, suppliers, and partners separately. In order to enable customers and the market to better understand SHOPLINE's compliance practices, we will gradually disclose SHOPLINE's compliance practices and service capabilities through third-party audit reports, based on the best practices in the industry. The success of our customers is SHOPLINE's best achievement, so please give us timely feedback on your compliance requirements, and we will continue to improve.

SHOPLINE - Shared Responsibility Model

When you (hereinafter referred to as “you” or “merchant”) use SHOPLINE’s (hereinafter referred to as “we” or “SHOPLINE”) software-as-a-service platform (hereinafter referred to as the “Platform”), it is important to understand the shared responsibility model and which security tasks are handled by SHOPLINE and which tasks are handled by you.

Security and compliance are the shared responsibilities between SHOPLINE and the merchant. As shown in the shared responsibility chart below, SHOPLINE is responsible for the security of the Platform itself and the associated infrastructures (including software, networking, services and physical facilities) used to provide the Platform to merchants. At the same time, the merchant is responsible for how it configures the platform, the security of the data stored on the Platform and the security of the user accounts, devices and third-party software or applications used to access the Platform.

We elaborate on each of SHOPLINE and the merchant’s security responsibilities further below.

SHOPLINE - Shared Responsibility Model

SHOPLINE’s Security Responsibilities

As mentioned above, SHOPLINE is responsible for the security of the Platform itself and the associated infrastructures (including software, networking, services and physical facilities) used to provide the Platform to merchants.

Merchant’s Security Responsibilities

The merchant is responsible for how it configures the platform, the security of the data stored on the Platform and the security of the user accounts, devices and third-party software or applications used to access the Platform. We elaborate on this further below.

Security of data stored on the Platform

The merchant is solely responsible for managing the information and data stored within its account in accordance with all applicable laws and regulations and SHOPLINE’s Terms of Services. This includes taking steps to ensure that its password for accessing the Platform is kept safe from any inadvertent and unauthorised disclosure, and backing up data regularly.

Security configuration and management tasks

As the merchant is responsible for deploying its online store (hereinafter referred to as the “Merchant Store”) on the Platform, it is also responsible for the security configuration and management tasks related to such deployment. The merchant is responsible for the management of the Merchant Store (including access control and log review), any third-party application software or utilities installed by the merchant on the Platform (hereinafter referred to as “Third-Party Plugins”) and the security configuration of such Third-Party Plugins.

Abstracted services

The merchant is responsible for the management of abstracted services such as Mailchimp and SmartPush. SHOPLINE does not assume any responsibility for the merchant’s use of these abstracted services, and so it is critical for the merchant to understand how security responsibilities are shared between the merchant and abstracted service provider, as well as what merchant data is shared by the abstracted service provider with third parties. The merchant is solely responsible for managing the data (including end consumer data) that can be accessed by the abstracted service provider, classifying the assets that can be accessed by the abstracted service provider and applying the appropriate permissions for such data and assets. IT security controls. Just as the responsibility to operate the IT environment is shared between SHOPLINE and the merchant, the responsibility to implement the appropriate IT security controls is similarly shared between SHOPLINE and the merchant. SHOPLINE is responsible for implementing controls for the infrastructure (including software, networking, services and physical facilities) used to provide the Platform, but the merchant is responsible for implementing controls related to its use of the Platform, including the storage of data on the Platform. Below are examples of controls that are managed by SHOPLINE, the merchant and/or both.

Inherited controls – controls which the merchant fully inherits from SHOPLINE. Examples include:

  • Physical and environmental controls
  • Patch management

Shared controls - controls that are managed by both SHOPLINE and the merchant. In a shared control, SHOPLINE is responsible for implementing controls for the infrastructure (including software, networking, services and physical facilities) used to provide the Platform, but the merchant is responsible for implementing controls related to its use of the Platform, including the storage of data on the Platform. Examples include:

  • Configuration management – SHOPLINE maintains the configuration of the Platform’s infrastructure devices, operating system, databases and applications. The merchant is responsible for configuring the Merchant Store, Third-Party Plugins and abstracted services.
  • Awareness and training – each of SHOPLINE and the merchant is responsible for training their own employees in connection with the use of the Platform.

Merchant controls - controls that are solely the responsibility of the merchant.

Privacy

Overview

SHOPLINE aims to provide merchants with a “Software as a Service” platform (hereinafter referred to as “SHOPLINE” or the “Platform”) with all-in-one solutions for website building, leads generation, payments, logistics and other e-commerce related services.

When you visit our websites and use the Platform, we may collect and use personal information about you (including your employees and/or persons who act on your behalf). We may also collect and use personal information from your customers on your behalf under your entrustment if they visit or purchase on the SHOPLINE empowered store. We are fully aware of the importance of personal information to you and your customers (collectively the “Personal Data Subjects”) and we are committed to ensuring the integrity and security of the Platform.

Please review our Privacy Policy that applies to everyone whose information we process. The Privacy Policy will help you better understand how we collect, use, and share your personal information. We may update the terms of the Privacy Policy from time to time, and such updates shall form part of the Privacy Policy. In the event of significant or material changes, we will notify you in a prominent manner as appropriate.

What we collect and how we use personal information

We will collect and use your personal information provided by you voluntarily, generated when you use the Platform, and obtained by us from third parties, in accordance with the principles of legality, legitimacy and necessity. In general, we need this information for you to be able to use the Platform. Unless otherwise permitted by law, we will only collect and use personal information with your authorization. Please ensure that you have obtained explicit consent from your customers for you to use such personal information.

Information we collect
How we use such information
Information you provide us about you and your employees or authorized persons, such as your name, email address, phone number, third-party account, and log-in password. We may also ask you to provide us with your address, business registration number, and tax number under certain circumstances.
  • to verify your identity and the identity of you, your employees, or authorized persons
  • to provide you with information related to the use of the Platform (such as providing a verification code, contacting you about the usage and problems of the Platform, and issuing a billing or an invoice to you)
  • to provide you with updates on new features or services on the Platform
Payment or billing information you provide us, such as your credit card number, debit card number or bank account number, and your billing records.
  • to charge you relevant services fees upon your authorization, and to assist you to check billing records
When you apply for and use SHOPLINE Payments, we collect more specific information you provide us, including your address, business identification number, bank account information, and information about your directors, senior management and shareholders, and (if you are an individual business owner) your personal identification number, as well as transaction information of your store.
  • to create and manage your SHOPLINE Payments accounts
  • to provide you with SHOPLINE Payments services
  • to conduct fraud and risk monitoring
  • to comply with legal requirements (such as “Know Your Customer”, anti-money laundering or anti-terrorism laws)
  • to provide tax documentation

Content information you upload or publish on the Platform, including text, images, audio and video recordings, as well as the date, time and place of such information.

When you use this feature, we will ask for your authorization to use the camera, photo album, microphone and location permissions in your terminal device. You may choose whether or not to grant us such authorization. If you refuse, you will not be able to use this feature, but your use of other SHOPLINE features will not be affected.

If the content contains any personal information, please ensure that you have obtained the explicit consent of the Personal Data Subject.

  • to provide you relevant services on the Platform, including to conduct store management and customers management
We will collect via “cookies” or similar technologies: device information, including your (and those of your employees and authorized persons) frequently used personal devices, including the IP address, device model, device identification number, operating system, resolution, and telecom operator; and log information, including network diagnosis, lag information, click events, click records, browsing history and potentially unsafe URLs, and retain them as required by applicable laws.
  • to provide you with the access to the Platform
  • to improve the features and services of the Platform
  • to provide you with personalized and customized services
  • to advertise and market new features and services to you; to identify and troubleshoot issues
Information of your customers uploaded by you into the Platform, such as your customers’ name, email address and phone number.

Information your customers provide us about them, such as:
- Information your customers provide at the time of member registration, such as their name, email address, phone number and other information that you authorized to collect (such as birthday);
- Information your customers provide at the time of checkout, such as their name, email address, phone number, delivery information and payments information.

Browsing history, behavior data, and device information that we collect through “cookies” or similar technologies, such as network connection, IP address, and details how they browse the store.

  • to provide you with relevant services and to carry out store operations and customers management, such as completing the transactions, fulfilling orders, monitoring transaction, preventing fraud, providing information about your new products, and identifying and troubleshooting issues
  • to optimize our features and services and to provide you with more customized features and services, such as providing you with data analysis of your customers to help you achieve business growth
When you apply for and use SHOPLINE POS, you provide us with more information about you, including your address, store name, email address, PIN, and opening hours.
  • to establish and manage your SHOPLINE POS account
  • to provide you with SHOPLINE POS services
  • to ensure the security of account information

Your customers’ information

In order to provide relevant SHOPLINE services to you, we may, on behalf of you and under your entrustment, collect the personal information of your customers who visit or place an order at the store, and process such personal information as directed by you. In general, we only collect and use this personal information as directed by you, and as further described in our Data Processing Addendum. Legally speaking, we are a “data processor” and we act so in accordance with the agreement we entered with you as well as the Privacy Policy. You, as the personal data controller, assume all responsibilities towards its customers. Because you decide how the personal information of your customers will be used, you need to make sure your customers understand how you (and how we on your behalf) collect and process their personal information.

You hereby acknowledge and authorize us to collect, store and process personal information from your customers for you to use the Platform and SHOPLINE services, and hereby undertake to us that you have obtained sufficient and necessary authorization, consent and permission from your customers for us to directly collect and use their personal information required to perform relevant services. You should do this by, at a minimum, posting a privacy policy on your store that describes the information you collect, how you use it, and whom you share it with. It is your sole responsibility to respond to queries and requests from your customers with regard to how you process their personal information.

How we share your personal information

We do not share personal information with any third parties unless one or more of the following circumstances exist:

  • At the request of the Personal Data Subject, or with the prior explicit authorization or consent of the Personal Data Subject;
  • Related to the performance of our obligations under laws and regulations;
  • Directly related to national security or national defense security;
  • Directly related to public safety, public health and major public interests;
  • Directly related to criminal investigation, prosecution, trials and enforcement;
  • For the purpose of safeguarding the life, property and other major legitimate rights and interests of the Personal Data Subject or any other person, but it is difficult to obtain the consent of that person;
  • The personal information involved is disclosed to the public by the Personal Data Subject;
  • The personal information involved is collected from lawfully and publicly disclosed information;
  • Sharing with affiliated companies of SHOPLINE: In order to provide you with SHOPLINE products and services, to make recommendations that may be of interest to you, to troubleshoot accounts issues, and protect the personal and property safety of our affiliated companies or other users or the public, you acknowledge and agree that we may share your and your customers' personal information with our affiliated companies. We will only share personal information to the extent necessary and are bound by purposes as specified under the Privacy Policy. If we share sensitive personal information or our affiliated companies use and process the personal information for different purposes, we will seek authorization and consent from you again;
  • Sharing with our third-party partners: We will only share personal information for lawful, legitimate, necessary, specific and explicit purposes, and will only share personal information necessary to provide relevant services to you or your customers. We will not share personal information that can identify the Personal Data Subjects, unless otherwise permitted by laws or regulations. Generally, these third-party partners are also data controllers who will process personal information in their own accounts after obtaining the consent of the Personal Data Subjects. Such partners may have their own separate privacy policies and user agreements. We encourage you and your customers to read and comply with such user agreements and privacy policies.

In addition, almost all merchants will use non-SHOPLINE features or services when they use the Platform (including apps from Apps Store, payments gateways or logistics services providers). Please note that such features or services are provided by third parties. You shall read and understand the privacy policies and user agreements of third parties before providing any personal information to them. We are not responsible for the content of any third-party websites, and third-party policies on personal information and security measures.

How you exercise right over your personal information

We believe that you should be able to access and control your own personal information no matter where you live. You may have the right to request access to, correct, amend, delete, port to another service provider, restrict, or object to certain uses of your personal information (for example, direct marketing). You can access and correct your personal information directly through the “Personal Center” of SHOPLINE administrative panel. If you want to access or amend your other personal information, or encounter any difficulty in exercising the above right, you can contact us. To ensure security, we may request to verify your user identity before processing your request. Generally, your user identity will be verified and a reply will be provided within 15 business days upon receipt of your request.

In principle, we do not charge for your reasonable request. For repeating requests in a specific period of time, we reserve the right to charge you as appropriate; for requests that require excessive technical support (e.g., the need to develop a new system or fundamentally change existing practices) or entail other significant difficulties, we will provide you with alternatives.

You may terminate your SHOPLINE account in accordance with SHOPLINE Terms. You acknowledge and understand that you no longer have access to your SHOPLINE accounts and data relating to your SHOPLINE account once you terminate your SHOPLINE accounts. We will terminate your accounts after verifying your identity and agreeing with you on disposal of assets in your account. After termination, we will promptly delete your personal information or anonymize it unless it is necessary to retain your personal information according to any laws or regulations.

Please note that you shall respond directly to requests made by your customers (who are not our direct clients) relating to their personal information. Unless we receive a request from you for assistance, we may forward any request we receive from your customers to you or ask your customers to seek help directly from you.

How we protect your personal information

We take your personal information security very seriously. We have adopted technical security measures, appropriate organizational structure and management system and other protections in line with industry standards to prevent leak, damage, misuse, unauthorized use, disclosure or amendment of your personal information.

We use encrypted transmission technologies such as SSL to protect the security of data transition and use appropriate protection mechanisms to prevent malicious data attacks. We adopt an encrypted storage and data permission control mechanism for personal information to prevent your and your end users' personal information from being accessed, disclosed, used or altered without authorization, or intentionally or accidentally damaged or lost. Meanwhile, we appoint data protection officers as required by laws and regulations and set up a working group for personal information protection. We have also established relevant internal control management processes to strictly limit access to personal information to personnel to the minimum on a “need-to-know” basis.

Please note that the Internet is not an absolutely secure environment. This means we cannot guarantee the absolute security of your personal information. We strongly suggest that you shall safeguard the security of your SHOPLINE account by using a secure and complex password. In the event of a personal information security incident, we will immediately activate the emergency plan, take remedial measures, record the incident, and report it in time in accordance with the applicable laws and regulations.

How we retain your personal information

As we provide the Platform and SHOPLINE products and services to users in multiple jurisdictions, you acknowledge the information and data you provided to us may be transferred to, stored or processed outside of your country. In principle, we will store your personal information in Singapore. However, for statistical and analytical purposes, we may transfer your personal data to regions outside of Singapore. Nonetheless, we will ensure that your personal information is adequately protected as it is in the country or region where you are located and will use encryption in cross-border data transfer.

When you use the Platform and any SHOPLINE products and/or services, we will retain your and your customers’ personal information on behalf of you. We undertake that, we will only retain your and your customers’ personal information for such period as necessary to achieve the purposes as authorized by you and your customers hereunder, unless otherwise provided by law or regulation or otherwise authorized by the Personal Data Subjects.

If you terminate your SHOPLINE account or delete your information, or if we cease operation for whatever reasons, we will cease collecting your personal information and delete or anonymize the personal information we have collected, in accordance with laws and regulations.

How we use “cookies” and other tracking technologies

  1. What are "cookies?"

    A cookie is a small file stored in the Personal Data Subject’s computer, mobile phone or any other smart terminal device by the website server when it logs into the website or browses website content, usually containing identifiers, site names and some numbers and characters. When the Personal Data Subject visits the website again, the website can identify the browser of the Personal Data Subject through cookies. Cookies may store user preferences and other information.

  2. How “cookies” are used?

    When a Personal Data Subject uses our website, we may collect the device model, operating system, device identifier and login IP address information of the Personal Data Subject through cookies or similar technologies, as well as cache the browsing information and clicking information of the Personal Data Subject, so as to view the network environment of the Personal Data Subject. Cookies allow us to identify a Personal Data Subject when it visits the website, continuously optimize the user friendliness of the website and make adjustments to the website according to the needs of the Personal Data Subject. The Personal Data Subject can also change the settings of the browser so that the browser does not accept cookies on our website, but this may affect the Personal Data Subject’s use of some features of the website.

    On SHOPLINE website, with the help of cookies and other similar technologies, we can identify whether a Personal Data Subject is our user or the user’s customers each time the Personal Data Subject uses the Platform, SHOPLINE services or the store empowered by SHOPLINE, without having to re-login and authenticate on each page.

  3. How to manage “cookies”?

    Personal Data Subject can manage or delete certain categories of tracking technologies according to their own preferences. Many web browsers have a Do Not Track feature that sends a Do Not Track request to the website.

    In addition to the controls we provide, a Personal Data Subject may choose to enable or disable cookies in their Internet browsers. Most Internet browsers also allow Personal Data Subject to choose whether to disable all cookies or only third-party cookies. By default, most Internet browsers accept cookies, but this can be changed. For more information, see the Help menu in your Internet browser or the documentation of your device.

    On SHOPLINE website, a Personal Data Subject may delete existing tracking technologies by clearing the cache.

    When a Personal Data Subject browses a webpage without logging in, we will collect cookies necessary to realize the browsing feature in order to provide relevant services to the Personal Data Subject.

    Please note that if a Personal Data Subject refuses to use or remove the existing tracking technologies, it is necessary to personally change the user settings at each visit, and we may not be able to provide a quality user experience to the Personal Data Subject, and some feature may not be able to function properly

How to contact us
If you have any questions, opinions or suggestions about how we process your personal information, you may contact us as follows:
Customer service email:support@shopline.com
Data protection/security email:security@shopline.com

SHOPLINE Data Processing Addendum

The applicable SHOPLINE Contracting Party (hereinafter referred to as “SHOPLINE”, “we” or “us”) aims to provide its customer (hereinafter referred to as “you”) a “Software as a Service” platform (hereinafter referred to as “SHOPLINE Platform”) with all-in-one solutions for website building, leads generation, payments, logistics and other e-commerce related services.

This Addendum(“Addendum”) shall become legally binding between yourself and SHOPLINE, and shall supplement our Terms and Conditions, Privacy Policy and any and all agreements we have with you governing our Services (collectively, the “Agreement”).

  1. Definitions

    Terms not defined herein have the meanings set forth in the Agreement. The following words in this Addendum have the following meanings:
    1) “Controller” means an entity which, alone or jointly with others, determines the purposes and means of the Processing of the Personal Data.
    2) “Data Protection Laws” means all data protection or privacy laws, rules, regulations and guidelines applicable to the Processing of Personal Data under the Agreement, including but not limited to (i) the California Consumer Privacy Act (CCPA), (ii) General Data Protection Regulation 2016/679 (EU GDPR), (iii) Singapore’s Personal Data Protection Act 2012 (PDPA), (iv) UK GDPR or Data Protection Act 2018, and any legislation and/or regulation implementing or made pursuant to it, or which amends or replaces any of it, and any other applicable legislation.
    3) “Data Subject Request” as used in this Addendum means a request for access, erasure, rectification, or portability of Personal Data (where the relevant individual has rights to make such requests under the applicable Data Protection Laws).
    4) “Parties” means the parties to the Agreement.
    5) “Personal Data” means any information relating to an identified or identifiable natural person, and any information categorized as personal data under applicable Data Protection Laws, which is Processed on the SHOPLINE Platform in the performance of the Agreement.
    6) “Personal Data Breach” means a breach of security leading to the accidental, unauthorised or unlawful destruction, loss, alteration, disclosure, use, copying, modification, disposal of, or access to, Personal Data Processed under this Addendum.
    7) “Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; and “Process” and “Processed” shall be construed accordingly;
    8) “Processor” means an entity which Processes the Personal Data on behalf of the Controller.
    9) “Sub-processor” means any processor engaged by Processor to Process Personal Data on behalf of Controller.

  2. Processing of Personal Data

    1) The Parties agree that you shall be the Controller of your Personal Data, and SHOPLINE shall be the Processor of your Personal Data. In some cases, SHOPLINE may engage Sub-processors to process your Personal Data in accordance with Clause ‎6 below. For the avoidance of doubt, SHOPLINE shall never be considered a Controller of your Personal Data at any time.
    2) SHOPLINE will Process your Personal Data in accordance with your documented instructions (which may be provided to us using the SHOPLINE Platform), this Addendum and the applicable Data Protection Laws. You agree that this Addendum, the Agreement and any subsequent statements of work or service orders, and any configurations by you and your authorized users, comprise your complete instructions to SHOPLINE regarding the Processing of Personal Data. Any additional or alternate instructions must be agreed between the Parties in writing, including the costs (if any) associated with complying with such instructions.
    3) You represent and warrant that: i. you shall comply with the applicable laws, including Data Protection Laws , at all times;
    ii. you shall obtain all rights, permissions or consents from the data subjects, to which your Personal Data relate, that are necessary for your and SHOPLINE’s lawful use of such Personal Data before Processing such Personal Data, disclosing or transferring the Personal Data to SHOPLINE through the SHOPLINE Platform and providing SHOPLINE with instructions to Process your Personal Data;
    iii. your Processing of Personal Data in relation to the Agreement or receiving the Services under the Agreement shall not violate any applicable laws (including Data Protection Laws), or the rights of any party;
    iv. any and all Processing of Personal Data that SHOPLINE carries out pursuant to your instructions with your Personal Data shall not cause SHOPLINE to violate any applicable laws (including Data Protection Laws), or the rights of any party;
    v. you shall make reasonable effort to ensure that the Personal Data is accurate and complete before providing the same to SHOPLINE, and shall put in place adequate measures to ensure that the Personal Data in the SHOPLINE Platform or is otherwise in our possession remains accurate and complete;
    vi. you are the Controller of your Personal Data;
    vii. you shall indemnify SHOPLINE and its officers, employees, and agents, against all losses, liabilities, damages, costs (including all legal costs), claims, charges, expenses, actions, demands and proceedings which may be suffered or incurred by or made against SHOPLINE as a result of your breach of any representation or warranty in this Addendum, or any of your acts, omissions or negligence that cause or result in SHOPLINE being in breach of the applicable law, including Data Protection Laws.
    4) SHOPLINE shall not be responsible for determining if your instructions are compliant with applicable laws, including any applicable Data Protection Laws. However, where SHOPLINE is of the opinion that your instructions may not be compliant with applicable Data Protection Laws, SHOPLINE shall notify you as soon as reasonably practicable and shall be entitled to mitigate its risk by not being required to comply with such non-compliant instructions; SHOPLINE shall not be liable or deemed to be in default or breach of the Agreement as a result of exercising its rights to mitigate its risk under this Clause.
    5) You acknowledge and agree that you have the sole responsibility of complying with Data Protection Laws regarding the lawfulness of the collection and Processing of your Personal Data prior to disclosing, transferring, or otherwise making available, any Personal Data to SHOPLINE and that your instructions to SHOPLINE in respect of any Processing of such Personal Data are compliant with applicable laws, including any applicable Data Protection Laws. SHOPLINE shall notify you promptly, to the extent permitted by law, upon receiving an inquiry or complaint from a supervisory authority relating to SHOPLINE’s Processing of your Personal Data.

  3. Security and Confidentiality

    1) SHOPLINE shall protect your Personal Data in SHOPLINE’s possession by implementing reasonable security measures (including, where appropriate, physical, administrative, procedural and information & communications technology measures) designed to help:
    i. prevent unauthorised access, collection, use, disclosure, copying, modification, or disposal, of your Personal Data, or similar risks; and
    ii. prevent the loss of any storage medium or device on which Personal Data is stored.
    2) For the purposes of this Addendum, the Parties acknowledge and agree that the arrangements set out in the Agreement are “reasonable security arrangements” sufficient and adequate to satisfy applicable Data Protection Laws and you shall not claim that reasonable security arrangements have not been put in place provided that SHOPLINE meets the requirements set out in the Agreement.
    3) You acknowledge and accept the risk of transferring data via the Internet, and that no data transmissions over the Internet can be guaranteed to be 100% secure. Data transmissions may be vulnerable to cyber hacking or any form of cybercrimes committed against SHOPLINE. Consequently, SHOPLINE cannot guarantee or warrant the security of any information you transmit to us and SHOPLINE hereby disclaims any and all liability resulting from or related to such events outside of SHOPLINE’s reasonable control; In no event shall SHOPLINE be liable for any damages (whether in contract or in tort) suffered by you that are attributable to such events.

  4. Personal Data Breach

    Where SHOPLINE has reason to believe that a data breach has occurred in relation to your Personal Data that SHOPLINE is Processing on your behalf, we shall, without undue delay, notify you of the occurrence of the data breach.

  5. Cooperation

    1) To the extent lawfully required or permitted, SHOPLINE will promptly notify you if SHOPLINE directly receives a Data Subject Request to exercise their rights under any applicable Data Protection Laws. Subject to the applicable laws, SHOPLINE will implement reasonable technical and organizational measures to enable you to execute Data Subject Requests that you are obligated to fulfill.
    2) To the extent required by applicable Data Protection Laws, SHOPLINE will provide reasonable assistance to you to carry out any data protection impact assessment in relation to the Processing of Personal Data undertaken by SHOPLINE and/or any required prior consultation(s) with supervisory authorities. SHOPLINE reserves the right to charge you a reasonable fee for the provision of such assistance.

  6. Sub-Processing

    You agree that SHOPLINE may use Sub-processors to fulfill its contractual obligations under the Agreement and this Addendum, or to provide certain Services on its behalf, such as providing support services. SHOPLINE’s use of any specific Sub-processor to Process the Personal Data shall be in compliance with Data Protection Laws and shall be governed by a contract between SHOPLINE and the Sub-processor that contains data protection obligations that provide at least the same level of protection for the Personal Data as the obligations in this Addendum.

  7. International Transfer

    1) Subject to this Clause ‎7, you acknowledge that SHOPLINE may make international transfers of Personal Data to places where SHOPLINE, its affiliates or its Sub-processors maintain data processing operations or facilities.
    Singapore
    2) Where the PDPA is applicable, SHOPLINE shall not transfer Personal Data to a place outside Singapore unless it has taken appropriate steps to ensure that the recipient is bound by legally enforceable obligations to provide the Personal Data a standard of protection that is at least comparable to the protection under the PDPA, or it is able to rely on an exception under the PDPA.

  8. Deletion of Personal Data

    1) Upon termination of the Services (for any reason) (and subject to any grace period during which we may continue to Process the data to allow you to download a copy of your data), SHOPLINE will cease to Process your Personal Data and shall delete or anonymize your Personal Data, subject to and in accordance with the applicable laws and regulations (including any applicable laws and regulations which require SHOPLINE to retain a copy of your Personal Data for record-keeping, compliance and legal purposes). The Parties agree to adhere to the data deletion mechanism as set out in the Agreement.
    2) SHOPLINE shall not retain Personal Data or documents containing Personal Data for any period of time longer than is necessary to serve the purposes for which that Personal Data was collected for or for legal or business purposes. You acknowledge that SHOPLINE relies on you to provide lawful instructions on the retention of Personal Data and you acknowledge and agree that Clauses ‎2(3) and ‎2(4) of this Addendum apply equally to the retention of any Personal Data.

  9. Severability

    If any provision of this Addendum is held to be prohibited by, invalid or unenforceable under any applicable law, such provision shall be ineffective only to the extent of such prohibition , invalidity, or unenforceability, without affecting the remainder of this Addendum (which shall remain in full force). The Parties shall make a good faith effort to replace the invalid or unenforceable provision with a valid one that conforms as much as possible to the original intent of the Parties.

  10. General Provisions

    (1) Save as specifically modified and amended in this Addendum, all of the terms, provisions and requirements contained in the Agreement shall remain in full force and effect and govern this Addendum. In the event of any conflict or inconsistency between the provisions of the Agreement and this Addendum, the provisions of this Addendum shall prevail. For avoidance of doubt and to the extent allowed by applicable law, any and all liability under this Addendum, including limitations thereof, will be governed by the relevant provisions of the Agreement.
    2) SHOPLINE may update the terms of this Addendum from time to time, and such update shall form part of this Addendum. If you do not agree with the updated Addendum, you may stop using our Services or terminate your SHOPLINE account. However, please note that this Addendum shall still apply to you until you effectively terminate your SHOPLINE account or cease using our Services.

PCI

What is PCI-DSS Compliance?

The PCI DSS (Payment Card Industry Data Security Standard) is an information security standard for organizations or companies that accept or handle credit card payments.

This standard helps to create a secure environment and develop a robust payment card data security process, to better control cardholder data – including prevention, detection and appropriate reaction to security incidents, thus reducing credit card fraud.

Is SHOPLINE PAYMENT PCI compliant?

Yes, SHOPLINE PAYMENT is Payment Card Industry Data Security Standards (PCI DSS) compliant and is accredited as a Level 1 Service Provider.

Both SHOPLINE PAYMENT’s payment processors and SHOPLINE PAYMENT are PCI compliant.

What data is stored on SHOPLINE PAYMENT?

SHOPLINE PAYMENT stores the data entered in the merchant’s checkout fields, such as name, address, country, and so on. This data is separate from the billing field data, such as the card number, cardholder name and card expiration date.

I have other questions about PCI-DSS.

For SHOPLINE PAYMENT’s service provider PCI DSS Attestation of Compliance (AoC*), please contact your Merchant Success.

*The AOC is a form for SHOPLINE PAYMENT to attest to the results of its annual PCI DSS compliance assessment, and it is a highly confidential and privileged document.

For more information about PCI compliance, please click here.

SHOPLINE PCI DSS

CBPR

The Cross-Border Privacy Rules (CBPR) system, initiated by the Asia-Pacific Economic Cooperation (APEC), is designed to facilitate secure and efficient cross-border data flows among member economies while ensuring robust data protection. This system is grounded in the APEC Privacy Framework and requires participating businesses to comply with a comprehensive set of data protection standards that align with this framework.

These standards cover essential aspects of data privacy, including protection, accountability, transparency, and choice for individuals. The CBPR system not only bolsters consumer privacy but also aids in regional economic integration by enabling secure data transfers in compliance with established privacy norms. Certified companies are assessed by APEC-approved Accountability Agents, who verify adherence to CBPR's privacy practices.

As of now, several APEC member economies have joined the CBPR system, including the United States, Japan, Canada, South Korea, Singapore, Australia, Chinese Taipei, the Philippines, and Mexico. The inclusion of these members reflects the growing importance and recognition of CBPR as a standard for privacy practices in the Asia-Pacific. For businesses operating across these economies, CBPR certification represents a commitment to safeguarding personal information in the global digital economy.

To strictly comply with cross-border data regulations and better serve markets in various countries from Singapore, SHOPLINE has applied for and successfully obtained CBPR certification, adhering to the cross-border data requirements of different countries.

SHOPLINE CBPR

ISO/IEC 27001:2022

ISO/IEC 27001:2022 is a globally recognized security standard that sets out the guidelines for managing information security systems in an organization. It offers a structured approach to safeguarding company and customer data by conducting regular risk assessments. The 2022 version of the standard was released on October 24, 2022, by the International Organization of Standardization (ISO) and the International Electrotechnical Commission (IEC) through a joint subcommittee. This standard has been widely adopted and implemented worldwide to ensure the confidentiality, integrity, and availability of sensitive information.

SHOPLINE ISO/IEC 27001:2022
SHOPLINE ISO/IEC 27001:2022
SHOPLINE ISO/IEC 27001:2022