The applicable SHOPLINE Contracting Party (hereinafter referred to as “SHOPLINE”, “we” or “us”) aims to provide its customer (hereinafter referred to as “you”) a “Software as a Service” platform (hereinafter referred to as “SHOPLINE Platform”) with all-in-one solutions for website building, leads generation, payments, logistics and other e-commerce related services.
This Addendum(“Addendum”) shall become legally binding between yourself and SHOPLINE, and shall supplement our Terms and Conditions, Privacy Policy and any and all agreements we have with you governing our Services (collectively, the “Agreement”).
Terms not defined herein have the meanings set forth in the Agreement. The following words in this Addendum have the following meanings:
1) “Controller” means an entity which, alone or jointly with others, determines the purposes and means of the Processing of the Personal Data.
2) “Data Protection Laws” means all data protection or privacy laws, rules, regulations and guidelines applicable to the Processing of Personal Data under the Agreement, including but not limited to (i) the California Consumer Privacy Act (CCPA), (ii) General Data Protection Regulation 2016/679 (EU GDPR), (iii) Singapore’s Personal Data Protection Act 2012 (PDPA), (iv) UK GDPR or Data Protection Act 2018, and any legislation and/or regulation implementing or made pursuant to it, or which amends or replaces any of it, and any other applicable legislation.
3) “Data Subject Request” as used in this Addendum means a request for access, erasure, rectification, or portability of Personal Data (where the relevant individual has rights to make such requests under the applicable Data Protection Laws).
4) “Parties” means the parties to the Agreement.
5) “Personal Data” means any information relating to an identified or identifiable natural person, and any information categorized as personal data under applicable Data Protection Laws, which is Processed on the SHOPLINE Platform in the performance of the Agreement.
6) “Personal Data Breach” means a breach of security leading to the accidental, unauthorised or unlawful destruction, loss, alteration, disclosure, use, copying, modification, disposal of, or access to, Personal Data Processed under this Addendum.
7) “Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; and “Process” and “Processed” shall be construed accordingly;
8) “Processor” means an entity which Processes the Personal Data on behalf of the Controller.
9) “Sub-processor” means any processor engaged by Processor to Process Personal Data on behalf of Controller.
1) The Parties agree that you shall be the Controller of your Personal Data, and SHOPLINE shall be the Processor of your Personal Data. In some cases, SHOPLINE may engage Sub-processors to process your Personal Data in accordance with Clause 6 below. For the avoidance of doubt, SHOPLINE shall never be considered a Controller of your Personal Data at any time.
2) SHOPLINE will Process your Personal Data in accordance with your documented instructions (which may be provided to us using the SHOPLINE Platform), this Addendum and the applicable Data Protection Laws. You agree that this Addendum, the Agreement and any subsequent statements of work or service orders, and any configurations by you and your authorized users, comprise your complete instructions to SHOPLINE regarding the Processing of Personal Data. Any additional or alternate instructions must be agreed between the Parties in writing, including the costs (if any) associated with complying with such instructions.
3) You represent and warrant that:
i. you shall comply with the applicable laws, including Data Protection Laws , at all times;
ii. you shall obtain all rights, permissions or consents from the data subjects, to which your Personal Data relate, that are necessary for your and SHOPLINE’s lawful use of such Personal Data before Processing such Personal Data, disclosing or transferring the Personal Data to SHOPLINE through the SHOPLINE Platform and providing SHOPLINE with instructions to Process your Personal Data;
iii. your Processing of Personal Data in relation to the Agreement or receiving the Services under the Agreement shall not violate any applicable laws (including Data Protection Laws), or the rights of any party;
iv. any and all Processing of Personal Data that SHOPLINE carries out pursuant to your instructions with your Personal Data shall not cause SHOPLINE to violate any applicable laws (including Data Protection Laws), or the rights of any party;
v. you shall make reasonable effort to ensure that the Personal Data is accurate and complete before providing the same to SHOPLINE, and shall put in place adequate measures to ensure that the Personal Data in the SHOPLINE Platform or is otherwise in our possession remains accurate and complete;
vi. you are the Controller of your Personal Data;
vii. you shall indemnify SHOPLINE and its officers, employees, and agents, against all losses, liabilities, damages, costs (including all legal costs), claims, charges, expenses, actions, demands and proceedings which may be suffered or incurred by or made against SHOPLINE as a result of your breach of any representation or warranty in this Addendum, or any of your acts, omissions or negligence that cause or result in SHOPLINE being in breach of the applicable law, including Data Protection Laws.
4) SHOPLINE shall not be responsible for determining if your instructions are compliant with applicable laws, including any applicable Data Protection Laws. However, where SHOPLINE is of the opinion that your instructions may not be compliant with applicable Data Protection Laws, SHOPLINE shall notify you as soon as reasonably practicable and shall be entitled to mitigate its risk by not being required to comply with such non-compliant instructions; SHOPLINE shall not be liable or deemed to be in default or breach of the Agreement as a result of exercising its rights to mitigate its risk under this Clause.
5) You acknowledge and agree that you have the sole responsibility of complying with Data Protection Laws regarding the lawfulness of the collection and Processing of your Personal Data prior to disclosing, transferring, or otherwise making available, any Personal Data to SHOPLINE and that your instructions to SHOPLINE in respect of any Processing of such Personal Data are compliant with applicable laws, including any applicable Data Protection Laws. SHOPLINE shall notify you promptly, to the extent permitted by law, upon receiving an inquiry or complaint from a supervisory authority relating to SHOPLINE’s Processing of your Personal Data.
1) SHOPLINE shall protect your Personal Data in SHOPLINE’s possession by implementing reasonable security measures (including, where appropriate, physical, administrative, procedural and information & communications technology measures) designed to help:
i. prevent unauthorised access, collection, use, disclosure, copying, modification, or disposal, of your Personal Data, or similar risks; and
ii. prevent the loss of any storage medium or device on which Personal Data is stored.
2) For the purposes of this Addendum, the Parties acknowledge and agree that the arrangements set out in the Agreement are “reasonable security arrangements” sufficient and adequate to satisfy applicable Data Protection Laws and you shall not claim that reasonable security arrangements have not been put in place provided that SHOPLINE meets the requirements set out in the Agreement.
3) You acknowledge and accept the risk of transferring data via the Internet, and that no data transmissions over the Internet can be guaranteed to be 100% secure. Data transmissions may be vulnerable to cyber hacking or any form of cybercrimes committed against SHOPLINE. Consequently, SHOPLINE cannot guarantee or warrant the security of any information you transmit to us and SHOPLINE hereby disclaims any and all liability resulting from or related to such events outside of SHOPLINE’s reasonable control; In no event shall SHOPLINE be liable for any damages (whether in contract or in tort) suffered by you that are attributable to such events.
Where SHOPLINE has reason to believe that a data breach has occurred in relation to your Personal Data that SHOPLINE is Processing on your behalf, we shall, without undue delay, notify you of the occurrence of the data breach.
1) To the extent lawfully required or permitted, SHOPLINE will promptly notify you if SHOPLINE directly receives a Data Subject Request to exercise their rights under any applicable Data Protection Laws. Subject to the applicable laws, SHOPLINE will implement reasonable technical and organizational measures to enable you to execute Data Subject Requests that you are obligated to fulfil.
2) To the extent required by applicable Data Protection Laws, SHOPLINE will provide reasonable assistance to you to carry out any data protection impact assessment in relation to the Processing of Personal Data undertaken by SHOPLINE and/or any required prior consultation(s) with supervisory authorities. SHOPLINE reserves the right to charge you a reasonable fee for the provision of such assistance.
You agree that SHOPLINE may use Sub-processors to fulfil its contractual obligations under the Agreement and this Addendum, or to provide certain Services on its behalf, such as providing support services. SHOPLINE’s use of any specific Sub-processor to Process the Personal Data shall be in compliance with Data Protection Laws and shall be governed by a contract between SHOPLINE and the Sub-processor that contains data protection obligations that provide at least the same level of protection for the Personal Data as the obligations in this Addendum.
1) Subject to this Clause 7, you acknowledge that SHOPLINE may make international transfers of Personal Data to places where SHOPLINE, its affiliates or its Sub-processors maintain data processing operations or facilities.
Singapore
2) Where the PDPA is applicable, SHOPLINE shall not transfer Personal Data to a place outside Singapore unless it has taken appropriate steps to ensure that the recipient is bound by legally enforceable obligations to provide the Personal Data a standard of protection that is at least comparable to the protection under the PDPA, or it is able to rely on an exception under the PDPA.
1) Upon termination of the Services (for any reason) (and subject to any grace period during which we may continue to Process the data to allow you to download a copy of your data), SHOPLINE will cease to Process your Personal Data and shall delete or anonymize your Personal Data, subject to and in accordance with the applicable laws and regulations (including any applicable laws and regulations which require SHOPLINE to retain a copy of your Personal Data for record-keeping, compliance and legal purposes). The Parties agree to adhere to the data deletion mechanism as set out in the Agreement.
2) SHOPLINE shall not retain Personal Data or documents containing Personal Data for any period of time longer than is necessary to serve the purposes for which that Personal Data was collected for or for legal or business purposes. You acknowledge that SHOPLINE relies on you to provide lawful instructions on the retention of Personal Data and you acknowledge and agree that Clauses 2(3) and 2(4) of this Addendum apply equally to the retention of any Personal Data.
If any provision of this Addendum is held to be prohibited by, invalid or unenforceable under any applicable law, such provision shall be ineffective only to the extent of such prohibition , invalidity, or unenforceability, without affecting the remainder of this Addendum (which shall remain in full force). The Parties shall make a good faith effort to replace the invalid or unenforceable provision with a valid one that conforms as much as possible to the original intent of the Parties.
1) Save as specifically modified and amended in this Addendum, all of the terms, provisions and requirements contained in the Agreement shall remain in full force and effect and govern this Addendum. In the event of any conflict or inconsistency between the provisions of the Agreement and this Addendum, the provisions of this Addendum shall prevail. For avoidance of doubt and to the extent allowed by applicable law, any and all liability under this Addendum, including limitations thereof, will be governed by the relevant provisions of the Agreement.
2) SHOPLINE may update the terms of this Addendum from time to time, and such update shall form part of this Addendum. If you do not agree with the updated Addendum, you may stop using our Services or terminate your SHOPLINE account. However, please note that this Addendum shall still apply to you until you effectively terminate your SHOPLINE account or cease using our Services.
