SHOPLINE is committed to providing users with safer services and improved compliance capabilities. The Compliance Center will introduce the responsibilities and obligations between SHOPLINE, customers, suppliers, and partners separately. In order to enable customers and the market to better understand SHOPLINE's compliance practices, we will gradually disclose SHOPLINE's compliance practices and service capabilities through third-party audit reports, based on the best practices in the industry. The success of our customers is SHOPLINE's best achievement, so please give us timely feedback on your compliance requirements, and we will continue to improve.
SHOPLINE aims to provide merchants with a “Software as a Service” platform (hereinafter referred to as “SHOPLINE” or the “Platform”) with all-in-one solutions for website building, leads generation, payments, logistics and other e-commerce related services.
When you visit our websites and use the Platform, we may collect and use personal information about you (including your employees and/or persons who act on your behalf). We may also collect and use personal information from your customers on your behalf under your entrustment if they visit or purchase on the SHOPLINE empowered store. We are fully aware of the importance of personal information to you and your customers (collectively the “Personal Data Subjects”) and we are committed to ensuring the integrity and security of the Platform.
We will collect and use your personal information provided by you voluntarily, generated when you use the Platform, and obtained by us from third parties, in accordance with the principles of legality, legitimacy and necessity. In general, we need this information for you to be able to use the Platform. Unless otherwise permitted by law, we will only collect and use personal information with your authorization. Please ensure that you have obtained explicit consent from your customers for you to use such personal information.
Content information you upload or publish on the Platform, including text, images, audio and video recordings, as well as the date, time and place of such information.
When you use this feature, we will ask for your authorization to use the camera, photo album, microphone and location permissions in your terminal device. You may choose whether or not to grant us such authorization. If you refuse, you will not be able to use this feature, but your use of other SHOPLINE features will not be affected.
If the content contains any personal information, please ensure that you have obtained the explicit consent of the Personal Data Subject.
Information your customers provide us about them, such as:
- Information your customers provide at the time of member registration, such as their name, email address, phone number and other information that you authorized to collect (such as birthday);
- Information your customers provide at the time of checkout, such as their name, email address, phone number, delivery information and payments information.
Browsing history, behavior data, and device information that we collect through “cookies” or similar technologies, such as network connection, IP address, and details how they browse the store.
We do not share personal information with any third parties unless one or more of the following circumstances exist:
In addition, almost all merchants will use non-SHOPLINE features or services when they use the Platform (including apps from Apps Store, payments gateways or logistics services providers). Please note that such features or services are provided by third parties. You shall read and understand the privacy policies and user agreements of third parties before providing any personal information to them. We are not responsible for the content of any third-party websites, and third-party policies on personal information and security measures.
We believe that you should be able to access and control your own personal information no matter where you live. You may have the right to request access to, correct, amend, delete, port to another service provider, restrict, or object to certain uses of your personal information (for example, direct marketing). You can access and correct your personal information directly through the “Personal Center” of SHOPLINE administrative panel. If you want to access or amend your other personal information, or encounter any difficulty in exercising the above right, you can contact us. To ensure security, we may request to verify your user identity before processing your request. Generally, your user identity will be verified and a reply will be provided within 15 business days upon receipt of your request.
In principle, we do not charge for your reasonable request. For repeating requests in a specific period of time, we reserve the right to charge you as appropriate; for requests that require excessive technical support (e.g., the need to develop a new system or fundamentally change existing practices) or entail other significant difficulties, we will provide you with alternatives.
You may terminate your SHOPLINE account in accordance with SHOPLINE Terms. You acknowledge and understand that you no longer have access to your SHOPLINE accounts and data relating to your SHOPLINE account once you terminate your SHOPLINE accounts. We will terminate your accounts after verifying your identity and agreeing with you on disposal of assets in your account. After termination, we will promptly delete your personal information or anonymize it unless it is necessary to retain your personal information according to any laws or regulations.
Please note that you shall respond directly to requests made by your customers (who are not our direct clients) relating to their personal information. Unless we receive a request from you for assistance, we may forward any request we receive from your customers to you or ask your customers to seek help directly from you.
We take your personal information security very seriously. We have adopted technical security measures, appropriate organizational structure and management system and other protections in line with industry standards to prevent leak, damage, misuse, unauthorized use, disclosure or amendment of your personal information.
We use encrypted transmission technologies such as SSL to protect the security of data transition and use appropriate protection mechanisms to prevent malicious data attacks. We adopt an encrypted storage and data permission control mechanism for personal information to prevent your and your end users' personal information from being accessed, disclosed, used or altered without authorization, or intentionally or accidentally damaged or lost. Meanwhile, we appoint data protection officers as required by laws and regulations and set up a working group for personal information protection. We have also established relevant internal control management processes to strictly limit access to personal information to personnel to the minimum on a “need-to-know” basis.
Please note that the Internet is not an absolutely secure environment. This means we cannot guarantee the absolute security of your personal information. We strongly suggest that you shall safeguard the security of your SHOPLINE account by using a secure and complex password. In the event of a personal information security incident, we will immediately activate the emergency plan, take remedial measures, record the incident, and report it in time in accordance with the applicable laws and regulations.
As we provide the Platform and SHOPLINE products and services to users in multiple jurisdictions, you acknowledge the information and data you provided to us may be transferred to, stored or processed outside of your country. In principle, we will store your personal information in Singapore. However, for statistical and analytical purposes, we may transfer your personal data to regions outside of Singapore. Nonetheless, we will ensure that your personal information is adequately protected as it is in the country or region where you are located and will use encryption in cross-border data transfer.
When you use the Platform and any SHOPLINE products and/or services, we will retain your and your customers’ personal information on behalf of you. We undertake that, we will only retain your and your customers’ personal information for such period as necessary to achieve the purposes as authorized by you and your customers hereunder, unless otherwise provided by law or regulation or otherwise authorized by the Personal Data Subjects.
If you terminate your SHOPLINE account or delete your information, or if we cease operation for whatever reasons, we will cease collecting your personal information and delete or anonymize the personal information we have collected, in accordance with laws and regulations.
A cookie is a small file stored in the Personal Data Subject’s computer, mobile phone or any other smart terminal device by the website server when it logs into the website or browses website content, usually containing identifiers, site names and some numbers and characters. When the Personal Data Subject visits the website again, the website can identify the browser of the Personal Data Subject through cookies. Cookies may store user preferences and other information.
When a Personal Data Subject uses our website, we may collect the device model, operating system, device identifier and login IP address information of the Personal Data Subject through cookies or similar technologies, as well as cache the browsing information and clicking information of the Personal Data Subject, so as to view the network environment of the Personal Data Subject. Cookies allow us to identify a Personal Data Subject when it visits the website, continuously optimize the user friendliness of the website and make adjustments to the website according to the needs of the Personal Data Subject. The Personal Data Subject can also change the settings of the browser so that the browser does not accept cookies on our website, but this may affect the Personal Data Subject’s use of some features of the website.
On SHOPLINE website, with the help of cookies and other similar technologies, we can identify whether a Personal Data Subject is our user or the user’s customers each time the Personal Data Subject uses the Platform, SHOPLINE services or the store empowered by SHOPLINE, without having to re-login and authenticate on each page.
Personal Data Subject can manage or delete certain categories of tracking technologies according to their own preferences. Many web browsers have a Do Not Track feature that sends a Do Not Track request to the website.
In addition to the controls we provide, a Personal Data Subject may choose to enable or disable cookies in their Internet browsers. Most Internet browsers also allow Personal Data Subject to choose whether to disable all cookies or only third-party cookies. By default, most Internet browsers accept cookies, but this can be changed. For more information, see the Help menu in your Internet browser or the documentation of your device.
On SHOPLINE website, a Personal Data Subject may delete existing tracking technologies by clearing the cache.
When a Personal Data Subject browses a webpage without logging in, we will collect cookies necessary to realize the browsing feature in order to provide relevant services to the Personal Data Subject.
Please note that if a Personal Data Subject refuses to use or remove the existing tracking technologies, it is necessary to personally change the user settings at each visit, and we may not be able to provide a quality user experience to the Personal Data Subject, and some feature may not be able to function properly
How to contact us
If you have any questions, opinions or suggestions about how we process your personal information, you may contact us as follows:
Customer service email：firstname.lastname@example.org
Data protection/security email：email@example.com
The applicable SHOPLINE Contracting Party (hereinafter referred to as “SHOPLINE”, “we” or “us”) aims to provide its customer (hereinafter referred to as “you”) a “Software as a Service” platform (hereinafter referred to as “SHOPLINE Platform”) with all-in-one solutions for website building, leads generation, payments, logistics and other e-commerce related services.
Terms not defined herein have the meanings set forth in the Agreement. The following words in this Addendum have the following meanings:
1) “Controller” means an entity which, alone or jointly with others, determines the purposes and means of the Processing of the Personal Data.
2) “Data Protection Laws” means all data protection or privacy laws, rules, regulations and guidelines applicable to the Processing of Personal Data under the Agreement, including but not limited to (i) the California Consumer Privacy Act (CCPA), (ii) General Data Protection Regulation 2016/679 (EU GDPR), (iii) Singapore’s Personal Data Protection Act 2012 (PDPA), (iv) UK GDPR or Data Protection Act 2018, and any legislation and/or regulation implementing or made pursuant to it, or which amends or replaces any of it, and any other applicable legislation.
3) “Data Subject Request” as used in this Addendum means a request for access, erasure, rectification, or portability of Personal Data (where the relevant individual has rights to make such requests under the applicable Data Protection Laws).
4) “Parties” means the parties to the Agreement.
5) “Personal Data” means any information relating to an identified or identifiable natural person, and any information categorized as personal data under applicable Data Protection Laws, which is Processed on the SHOPLINE Platform in the performance of the Agreement.
6) “Personal Data Breach” means a breach of security leading to the accidental, unauthorised or unlawful destruction, loss, alteration, disclosure, use, copying, modification, disposal of, or access to, Personal Data Processed under this Addendum.
7) “Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; and “Process” and “Processed” shall be construed accordingly;
8) “Processor” means an entity which Processes the Personal Data on behalf of the Controller.
9) “Sub-processor” means any processor engaged by Processor to Process Personal Data on behalf of Controller.
1) The Parties agree that you shall be the Controller of your Personal Data, and SHOPLINE shall be the Processor of your Personal Data. In some cases, SHOPLINE may engage Sub-processors to process your Personal Data in accordance with Clause 6 below. For the avoidance of doubt, SHOPLINE shall never be considered a Controller of your Personal Data at any time.
2) SHOPLINE will Process your Personal Data in accordance with your documented instructions (which may be provided to us using the SHOPLINE Platform), this Addendum and the applicable Data Protection Laws. You agree that this Addendum, the Agreement and any subsequent statements of work or service orders, and any configurations by you and your authorized users, comprise your complete instructions to SHOPLINE regarding the Processing of Personal Data. Any additional or alternate instructions must be agreed between the Parties in writing, including the costs (if any) associated with complying with such instructions.
3) You represent and warrant that: i. you shall comply with the applicable laws, including Data Protection Laws , at all times;
ii. you shall obtain all rights, permissions or consents from the data subjects, to which your Personal Data relate, that are necessary for your and SHOPLINE’s lawful use of such Personal Data before Processing such Personal Data, disclosing or transferring the Personal Data to SHOPLINE through the SHOPLINE Platform and providing SHOPLINE with instructions to Process your Personal Data;
iii. your Processing of Personal Data in relation to the Agreement or receiving the Services under the Agreement shall not violate any applicable laws (including Data Protection Laws), or the rights of any party;
iv. any and all Processing of Personal Data that SHOPLINE carries out pursuant to your instructions with your Personal Data shall not cause SHOPLINE to violate any applicable laws (including Data Protection Laws), or the rights of any party;
v. you shall make reasonable effort to ensure that the Personal Data is accurate and complete before providing the same to SHOPLINE, and shall put in place adequate measures to ensure that the Personal Data in the SHOPLINE Platform or is otherwise in our possession remains accurate and complete;
vi. you are the Controller of your Personal Data;
vii. you shall indemnify SHOPLINE and its officers, employees, and agents, against all losses, liabilities, damages, costs (including all legal costs), claims, charges, expenses, actions, demands and proceedings which may be suffered or incurred by or made against SHOPLINE as a result of your breach of any representation or warranty in this Addendum, or any of your acts, omissions or negligence that cause or result in SHOPLINE being in breach of the applicable law, including Data Protection Laws.
4) SHOPLINE shall not be responsible for determining if your instructions are compliant with applicable laws, including any applicable Data Protection Laws. However, where SHOPLINE is of the opinion that your instructions may not be compliant with applicable Data Protection Laws, SHOPLINE shall notify you as soon as reasonably practicable and shall be entitled to mitigate its risk by not being required to comply with such non-compliant instructions; SHOPLINE shall not be liable or deemed to be in default or breach of the Agreement as a result of exercising its rights to mitigate its risk under this Clause.
5) You acknowledge and agree that you have the sole responsibility of complying with Data Protection Laws regarding the lawfulness of the collection and Processing of your Personal Data prior to disclosing, transferring, or otherwise making available, any Personal Data to SHOPLINE and that your instructions to SHOPLINE in respect of any Processing of such Personal Data are compliant with applicable laws, including any applicable Data Protection Laws. SHOPLINE shall notify you promptly, to the extent permitted by law, upon receiving an inquiry or complaint from a supervisory authority relating to SHOPLINE’s Processing of your Personal Data.
1) SHOPLINE shall protect your Personal Data in SHOPLINE’s possession by implementing reasonable security measures (including, where appropriate, physical, administrative, procedural and information & communications technology measures) designed to help:
i. prevent unauthorised access, collection, use, disclosure, copying, modification, or disposal, of your Personal Data, or similar risks; and
ii. prevent the loss of any storage medium or device on which Personal Data is stored.
2) For the purposes of this Addendum, the Parties acknowledge and agree that the arrangements set out in the Agreement are “reasonable security arrangements” sufficient and adequate to satisfy applicable Data Protection Laws and you shall not claim that reasonable security arrangements have not been put in place provided that SHOPLINE meets the requirements set out in the Agreement.
3) You acknowledge and accept the risk of transferring data via the Internet, and that no data transmissions over the Internet can be guaranteed to be 100% secure. Data transmissions may be vulnerable to cyber hacking or any form of cybercrimes committed against SHOPLINE. Consequently, SHOPLINE cannot guarantee or warrant the security of any information you transmit to us and SHOPLINE hereby disclaims any and all liability resulting from or related to such events outside of SHOPLINE’s reasonable control; In no event shall SHOPLINE be liable for any damages (whether in contract or in tort) suffered by you that are attributable to such events.
Where SHOPLINE has reason to believe that a data breach has occurred in relation to your Personal Data that SHOPLINE is Processing on your behalf, we shall, without undue delay, notify you of the occurrence of the data breach.
1) To the extent lawfully required or permitted, SHOPLINE will promptly notify you if SHOPLINE directly receives a Data Subject Request to exercise their rights under any applicable Data Protection Laws. Subject to the applicable laws, SHOPLINE will implement reasonable technical and organizational measures to enable you to execute Data Subject Requests that you are obligated to fulfill.
2) To the extent required by applicable Data Protection Laws, SHOPLINE will provide reasonable assistance to you to carry out any data protection impact assessment in relation to the Processing of Personal Data undertaken by SHOPLINE and/or any required prior consultation(s) with supervisory authorities. SHOPLINE reserves the right to charge you a reasonable fee for the provision of such assistance.
You agree that SHOPLINE may use Sub-processors to fulfill its contractual obligations under the Agreement and this Addendum, or to provide certain Services on its behalf, such as providing support services. SHOPLINE’s use of any specific Sub-processor to Process the Personal Data shall be in compliance with Data Protection Laws and shall be governed by a contract between SHOPLINE and the Sub-processor that contains data protection obligations that provide at least the same level of protection for the Personal Data as the obligations in this Addendum.
1) Subject to this Clause 7, you acknowledge that SHOPLINE may make international transfers of Personal Data to places where SHOPLINE, its affiliates or its Sub-processors maintain data processing operations or facilities.
2) Where the PDPA is applicable, SHOPLINE shall not transfer Personal Data to a place outside Singapore unless it has taken appropriate steps to ensure that the recipient is bound by legally enforceable obligations to provide the Personal Data a standard of protection that is at least comparable to the protection under the PDPA, or it is able to rely on an exception under the PDPA.
1) Upon termination of the Services (for any reason) (and subject to any grace period during which we may continue to Process the data to allow you to download a copy of your data), SHOPLINE will cease to Process your Personal Data and shall delete or anonymize your Personal Data, subject to and in accordance with the applicable laws and regulations (including any applicable laws and regulations which require SHOPLINE to retain a copy of your Personal Data for record-keeping, compliance and legal purposes). The Parties agree to adhere to the data deletion mechanism as set out in the Agreement.
2) SHOPLINE shall not retain Personal Data or documents containing Personal Data for any period of time longer than is necessary to serve the purposes for which that Personal Data was collected for or for legal or business purposes. You acknowledge that SHOPLINE relies on you to provide lawful instructions on the retention of Personal Data and you acknowledge and agree that Clauses 2(3) and 2(4) of this Addendum apply equally to the retention of any Personal Data.
If any provision of this Addendum is held to be prohibited by, invalid or unenforceable under any applicable law, such provision shall be ineffective only to the extent of such prohibition , invalidity, or unenforceability, without affecting the remainder of this Addendum (which shall remain in full force). The Parties shall make a good faith effort to replace the invalid or unenforceable provision with a valid one that conforms as much as possible to the original intent of the Parties.
(1) Save as specifically modified and amended in this Addendum, all of the terms, provisions and requirements contained in the Agreement shall remain in full force and effect and govern this Addendum. In the event of any conflict or inconsistency between the provisions of the Agreement and this Addendum, the provisions of this Addendum shall prevail. For avoidance of doubt and to the extent allowed by applicable law, any and all liability under this Addendum, including limitations thereof, will be governed by the relevant provisions of the Agreement.
2) SHOPLINE may update the terms of this Addendum from time to time, and such update shall form part of this Addendum. If you do not agree with the updated Addendum, you may stop using our Services or terminate your SHOPLINE account. However, please note that this Addendum shall still apply to you until you effectively terminate your SHOPLINE account or cease using our Services.
The PCI DSS (Payment Card Industry Data Security Standard) is an information security standard for organizations or companies that accept or handle credit card payments.
This standard helps to create a secure environment and develop a robust payment card data security process, to better control cardholder data – including prevention, detection and appropriate reaction to security incidents, thus reducing credit card fraud.
Yes, SHOPLINE PAYMENT is Payment Card Industry Data Security Standards (PCI DSS) compliant and is accredited as a Level 1 Service Provider.
Both SHOPLINE PAYMENT’s payment processors and SHOPLINE PAYMENT are PCI compliant.
SHOPLINE PAYMENT stores the data entered in the merchant’s checkout fields, such as name, address, country, and so on. This data is separate from the billing field data, such as the card number, cardholder name and card expiration date.
For SHOPLINE PAYMENT’s service provider PCI DSS Attestation of Compliance (AoC*), please contact your Merchant Success.
*The AOC is a form for SHOPLINE PAYMENT to attest to the results of its annual PCI DSS compliance assessment, and it is a highly confidential and privileged document.
For more information about PCI compliance, please click here.