Updated and Effective as of 22 August, 2023


SHOPLINE aims to provide merchants (hereinafter referred to as "you" or"merchants") a “Software as a Service” platform (hereinafter referred to as “SHOPLINE” or the “Platform”) with all-in-one solutions for website building, leads generation, payments, logistics and other e-commerce related services.

When you visit our websites and use the Platform, we may collect and use personal information about you (including your employees and/or persons who act on your behalf). We may also collect and use personal information from your customers on your behalf under your entrustment if they visit or purchase on the SHOPLINE empowered store. We are fully aware of the importance of personal information to you and your customers (collectively the “Personal Data Subjects”) and we are committed to ensure integrity and security of the Platform.

This SHOPLINE Privacy Policy (hereinafter referred to as “Privacy Policy”) is formulated in accordance with the applicable law and regulations. We hope that The Privacy Policy will help you to understand why, what and how we collect, use, store, share, transfer and disclose personal information in the process of providing SHOPLINE products/services, as well as the purpose, method, scope, and information security protection measures;  how the Personal Data subject realizes the rights and methods of managing its personal information. You shall carefully read and thoroughly understand the Privacy Policy before using this platform, and use the relevant products and/or services of the platform after confirming your full understanding and consent.You shall immediately stop using this platform and any SHOPLINE services if you do not agree with any content of this policy. In order to help you read and understand, we set out key definitions in the appendix to this Privacy Policy. Please pay special attention to the following important notes:

  1. SHOPLINE primarily provides services to you, our merchants, to facilitate your e-commerce business. If you use any SHOPLINE services to support your store, in order to provide relevant SHOPLINE services to you, we may, on behalf of you and under your entrustment, collect the personal information of your customers who visit or place an order on the store, and process such personal information as directed by you. Legally speaking, we are a “data processor” and we act so in accordance with the agreement we entered with you as well as this Privacy Policy. You, as the personal data controller, assume all responsibilities towards its customers. Because you decide how the personal information of your customers will be used, you need to make sure your customers understand how you (and how we on your behalf) collect and process their personal information. You should do this by, at a minimum, posting a privacy policy on your store that describes the information you collect, how you use it, and who you share it with. It is  your sole responsibility to respond to queries and requests from your customers with regard to how you process their personal information. If the customers have questions about how a specific merchant or store uses and process their information, please visit their privacy policy.
  2. Important contents are bolded for your special attention. Sensitive personal information is highlighted in bold and italic. Please pay special attention when reading. Before providing us with any sensitive personal information, you acknowledge that you have considered and confirmed to provide such information as appropriate. You hereby agree that your sensitive personal information maybe processed for the purposes and in the manner described in this Privacy Policy.
  3. SHOPLINE only provides services to users aged 18 and above. We do not collect information from or provide any products and/or services on the Platform to minors under the age of 18. Before using our products and/or services, please confirm that you meet the age requirements and have carefully read and understand the details of this Privacy Policy. We will not knowingly collect personal information from minors under the age of 18. If you find that we have inadvertently collected personal information from minors, please notify us immediately and we will try to delete the relevant data as soon as possible.
  4. There are multiple ways for you to exercise rights over your personal information, including but not limited to accessing or correcting your personal information, deleting your personal information, closing your account, withdrawing your consent and getting responses in time, so as to ensure your control over your personal information.

This Privacy Policy will help you understand the following:

1.   What we collect and how we use personal information

2.   How we use “cookies” and other similar tracking technologies

3.   How we process, share, transfer and disclose personal information

4.   How you exercise right over your personal information

5.   How we retain and protect personal information

6.   How we update this Privacy Policy

7.   How to contact us

8.   Definitions

9.   SHOPLINE APP permission acquisition list

10. Third-party information sharing list

1.   What we collect and how we use personal information

In order to achieve the purposes as set forth in this Privacy Policy, we will collect and use your personal information provided by you voluntarily, generated when you use the Platform, and obtained by us from third parties, in accordance with the principles of legality, legitimacy and necessity. Unless otherwise permitted by law, we will only collect and use personal information with your authorization. Please ensure that you have obtained explicit consent from your customers for you to use such personal information.

You understand that the features of the Platform or any SHOPLINE products and/or services may update and evolve with development of business strategies. If we will collect or use the personal information for any purposes other than those specified in this Privacy Policy, we will inform you with reasonable notice and obtain your consent before collecting or using such personal information.

Information we collect
Purposes for which we process Personal Data
Legal basis
· Information you provide to us about you and your employees or authorised persons, such as your business name, email address, phone number, registration number, VAT number, and log-in password.
To provide you with the Platform or other services (i.e. open an account, contact you about issues with the Platform).

To test out features or additional services.

To assist with marketing, advertising, or other communications.
· Legitimate Interests (to run our business, to manage our relationship with you, to provide support);
· Performance of our contract with you;
· Compliance with a legal obligation.
· Information we collect about our logistics partners, such as employee contact details.
To provide you with the Platform or other services.
· Legitimate Interests (to run our business, to manage our relationship with these partners).
Payment or billing information you provide us, such as your credit card number,debit card number or bank account number, and your billing records.
To provide you with the Platform  or other services.
To charge you relevant services  fees upon your authorisation, and to assist you to check billing records.
· Performance of our contract with you;
· Legitimate Interests (to manage our relationship with you, to recover debts due to us);
· Compliance with a legal obligation.
Customer support communications that you send us in the event of encountering an issue.
To provide support and address any issues relating to the Platform.
· Legitimate Interests (to manage our relationship with you and provide support)
We also collect the following via cookies or similar technologies: device information,including your (and those of your employees and authorised persons) frequently used personal devices, including the IP address, device model, device identification number, operating system, resolution, and telecom operator; and log information, including network diagnosis, lag information, click events,click records, browsing history on the Platform and potentially unsafe URLs (“Usage Data").
To provide you with the Platform or other services.

To prevent fraudulent activity on the Platform.

To test out features or additional services.

To assist with marketing,advertising, or other communications.
·  Legitimate Interests (to prevent fraud, to provide an effective service,to improve the Platform);
·  Consent.
We collect Usage Data and other information uploaded by you for analytics.
To improve and optimise Platform performance.

To test out features or additional services.

To assist with marketing, advertising, or other communications.
· Legitimate Interests (to improve our Platform);
· Consent.
Processing of personal information to carry out KYC and transaction monitoring, including contact details, address, business identification number, bank account information, and information about your directors, senior management and shareholders, (if you are an individual business owner) your personal identification number, any identifiers associated with your hardware, your store and SHOPLINE application history as well as operation and transaction information of your store.
Know Your Customer (KYC) checks
· Compliance with a legal obligation; · Legitimate Interests (to run our business in a legally compliant manner).
Processing of the personal information we hold about you as required or permitted by applicable law to comply with a legitimate disclosure request.
Disclosures to law enforcement, government, and national security authorities.
· Compliance with a legal obligation;
· Legitimate Interests (in the context of law enforcement).
The personal information we hold about you.
As required for the purpose of any reorganisation of our business or corporate transaction we enter into.
· Legitimate Interests (in the context of a business reorganisation).
Sensitive personal information, which may include: Government-issued identifiers, including social security, driver’s license, state identification card, or passport number; Your device’s precise location (your billing address or contact address if your are an individual merchant); Information you voluntarily disclose that may reveal certain characteristics about you, such as your racial or ethnic origin or sexual orientation. The contents of email messages in the email inboxes that you connect to your SHOPLINE account, and information from website chat box for customer service.
To provide you with the Platform or other services (i.e. open an account, contact you about issues with the Platform).

To provide support and address any issues relating to the Platform.
· Legitimate Interests (to run our business, to manage our relationship with you, to provide support);
· Consent

3.   What is our legal basis for processing your personal information

We will only use your personal information when the law allows us to. In respect of each of the purposes for which we use your personal information. Most commonly, we will use your personal information in the following circumstances. We have set out our specific purposes and associated legal bases in more detail in table format above.

  • Where we need to perform a contract,we are about to enter into or have entered into with you (“Performance of our contract with you”);
  • Where it is necessary for our legitimate interests (or those of a third party), and your interests and fundamental rights do not override those interests ("Legitimate Interests"). More detail about the specific legitimate interests pursued in respect of each purpose we use your personal information for is set out in the table above;
  • Where we need to comply with a legal or regulatory obligation (“Compliance with a legal obligation”);and
  • Where we have your specific consent to carry out the processing for the purpose in question (“Consent”).

4.   When we share, transfer and disclose personal information

We may share your personalinformation with the following parties for the purposes set out in the tableunder section 2 above:

Certain features of the Platform may be provided by our third-party partners, and we may entrust partners (including technical service providers) with the processing of certain personal information of the Personal Data Subjects.  For example, if you use the auto-payments feature, we may ask third-party payments companies to process your credit card information so that to charge you relevant services fee as directed by you; if you use SHOPLINE Payments, we may ask third-party services providers which can facilitate us in “Know Your Client” (“KYC") and transaction monitoring and risk management, to process your and your customers’ personal information.  

In addition, in order to provide the Platform to you, we may use service providers. These service providers process your personal information as our data processors, on the basis of our instructions pursuant to a written agreement and we do not allow them to use your personal information for their own purposes.

(a) Affiliates – we share personal information with our affiliates to help provide services to you or analyse / improve the Platform.

(b) Third-party partners – we share personal information with business partners, i.e. when our Platform is integrated with third-party e-commerce platforms / services.

(c) Social Networking Sites – we may share personal information, at your direction, with website plugins and social media platforms, e.g. to log into your account.

(d) Third-party service providers –we share personal information with partners that perform services on our behalf, such as logistics providers.

(e) Payment processing companies– we share personal information with payment processors to administer payment.

(f) In connection with a business reorganisation or an asset or share sale or purchase – we will share personal information with the prospective buyer or seller as the case may be.

(g) To comply with legal requirements – we share personal information if determined reasonably necessary to comply with the law, or as permitted by applicable law in order to comply with a legitimate disclosure request.

Merchants may use non-SHOPLINE features or services when they use the Platform (including apps, payments gateways or logistics services providers). Please note that such features or services are provided directly by third parties. This Privacy Policy does not apply to such third-party features and services.  Any information you provide to third-party websites or services will be provided directly to the network operators of these services.  Even if you access through the Platform, you must read and understand the applicable privacy policies and user agreements (if any) of these third parties.  We are not responsible for the content of any third-party websites, and third-party policies on personal information and security measures.  You should read and understand the privacy policies and user agreements of third parties before providing any personal information to them.

5.   International transfers

Your Personal Data may be collected, transferred to and stored by us in the United States and by our affiliates in other countries.

Some of our third-party partners are also based outside the United States so their processing of your personal information may involve a transfer of data outside the United States.

Whenever we transfer your personal information out of the United States, we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal information to countries that have been deemed to provide an adequate level of protection for personal data; or
  • We will take measures to comply with applicable data protection laws related to such transfers and use appropriate transfer solutions for any transfers of data outside the United States.

6.   Automated decision-making

If we deploy automated technologies which give rise to automated decision-making about you,we will either: (1) have a human being involved in the process; or (2) use these technologies in ways that don’t have legal or similarly significant effects.

7.   How you exercise rights over your personal information

You have the right to, at any time:

  • Request access to your personal information (commonly known as a data subject access request). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Object to processing of your personal information where we are relying on a Legitimate Interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Request restriction of processing of your personal information.This enables you to ask us to suspend the processing of your personal information in the following scenarios:

         o       If you want us to establish the data’s accuracy;

          o       Where our use of the data is unlawful but you do not want us to erase it;

        o     Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; and

          o       You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

  • Request the transfer of your personal information to you or to a third party.We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw consent at any time where we are relying on consent to process your personal information.However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

If you wish to exercise any of the rights set out above, please contact us at

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

8.   How we retain and protect personal information

(1)  Retention period

We will only retain your personal information for such period as necessary to achieve the purposes described in this Privacy Policy, unless otherwise required by law or regulation.

To determine the appropriate retention period for personal information, we consider the amount,nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

By law we have to keep basic information about our customers(including contact and financial data) for six (6) years after they cease being customers for tax purposes.

In some circumstances, you can ask us to delete your data.Please see your legal rights above for further information.

(2) Protection of personal information

We take personal information security very seriously.  We have adopted technical security measures, appropriate organisational structure and management system and other protections in line with industry standards to prevent leak, damage, misuse, unauthorised use, disclosure or alteration of your personal information, including:

     (a) Technical measures for data security

In order to ensure the security of your personal information , we strive to take all reasonable technical measures to protect personal information, so that you and your customers’personal information will not be leaked, damaged, destroyed, or lost.  We use encrypted transmission technologies such as SSL to protect the security of data transmission and use appropriate protection mechanisms to prevent malicious data attacks.  We adopt an encrypted storage and data permission control mechanism for personal information to prevent your and your customers’personal information from being accessed, disclosed, used or altered without authorisation, or intentionally or accidentally damaged or lost.

     (b) Organisational and management measures for data security

We have established internal policies for the safe use of data and implement strict management rules for employees or contractors who may have access to your and your customers’ information, including but not limited to implementing different access controls for different roles, signing confidentiality agreements with them, and monitoring their operations.

We provide employees with training on security and privacy protection and require them to complete assessments, in order to enhance their awareness of the importance of personal information protection.

     (c) Contractual obligations for data security

We will require our partners to sign a data processing agreement or set out data protection compliant terms, as required by Article 28 of UK GDPR, in a contractual agreement signed by both parties, which stipulates those partners’ obligations, including to ensure that the use and transfer of personal information shall satisfy our requirements and is subject to our review, instructions and audit rights, and in the event of any breach, we will hold the processor partner legally liable to the extent it has not complied with the UK GDPR’s processor obligations or has acted outside or contrary to our lawful instructions.

     (d) Handling of security incident

In the event of a personal information security incident, we will activate the emergency plan, take remedial measures, record the incident, and report it in time in accordance with the applicable laws and regulations. If the security incident may cause serious damage or pose high risk to the legitimate rights and freedoms of you and/or your customers, such as the unauthorised disclosure of sensitive personal information, we will inform you of the security incident and its possible impact, the measures we have taken or are about to take, risk prevention and mitigation we recommend for you, the remedies we provide to you and/or your customers, and our contact.  We will promptly inform you of the above by email, letter, telephone or notification. When it is difficult to inform the Personal Data Subject one by one, we will issue a warning notice in a reasonable and effective way.

Please note that the Internet is not an absolutely secure environment. We strongly suggest that you safeguard security of your SHOPLINE account by using a secure and complex password.  If you find that your personal information, especially your account number or password, has been leaked, please contact us immediately using the methods provided in this Privacy Policy, so that we can take appropriate measures to protect your information.

9.   How we update this Privacy Policy

We may update the terms of this Privacy Policy from time to time, and such updates shall form part of this Privacy Policy. We encourage you to periodically review this Privacy Policy to stay informed about how we are using and protecting information that we collect. This Privacy Policy was last updated August 21, 2023.

In the event of significant or material changes, we will notify you in a prominent manner as appropriate.

10.   Definitions

You: the registered seller user / merchant who uses the SHOPLINE Platform or other services, and its employees/developers/other persons authorised to operate the Platform.

Personal information(personal data): means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic,cultural or social identity of that natural person.

Sensitive personal information (special categories of personal data): personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation

Deletion: the act of removing personal information from the system involved in the provision of routine service functions, so that it cannot be retrieved or accessed.

11.   Third-party information sharing list

When you use the services provided by a third party, we will share the corresponding information after obtaining or ensuring that the third party obtains your authorization and consent, as well as other cases in compliance with laws and regulations.  You can know how the third party will deal with your personal information through the relevant information listed.  We will also strictly restrict the third party’s access to personal information to protect the security of your personal information.

We may also access the software development kit (SDK) provided by a third party to achieve to ensure the stable operation of the platform or realize relevant functions.  Our access-related third-party SDKs are also listed in the following list.  You can view the data use and protection rules of third-party through the links or paths provided in the directory.  Please note that the type of personal information processing of third-party SDK may change due to version upgrades, policy adjustments, and other reasons.  Please follow the official instructions published by it.

Start free trial