Privacy Policy
Updated and effective on July 17, 2024
Introduction
GTO data sync is a App designed for merchants (“You” or “Merchant”) to help Shopline POS merchants synchronize GTO files to shopping mall (“GTO data sync”or “App”).
We understand the importance of personal information to you (collectively, “Personal Information Subjects”) and are committed to maintaining the security of information on our App. We have established a Privacy Policy (“this Privacy Policy”) by applicable laws and regulations and undertake to comply with the relevant data privacy law in the relevant jurisdictions. Before using the App, please read and thoroughly understand this Privacy Policy, and use the products and/or services related to the App after confirming that you fully understand and agree to it. If you do not agree with any of the contents of this Policy, you should immediately stop using the App. For your convenience and understanding, please refer to the definitions of key terms in the Appendix to this Privacy Policy. The following are special tips for you to focus on.
This policy will help you understand the following.
I. How we collect and use personal information
II. How we use cookies and other similar tracking technologies
III. How we entrust, share, transfer and disclose personal information
IV. How you can have the power to manage your personal information
V. How we save and protect personal information
VI. How to update this privacy policy
VII. How to contact us
VIII. Keyword Definition
I. How we collect and use personal information
We will only collect and use personal information with your consent or authorization. You understand that the features of the App will not collect your personal information unless the following circumstance. If we want to use the relevant personal information for other purposes not described in this policy or to collect or use the personal information of the relevant personal information subject for other specific purposes, we will reasonably inform you and obtain your consent before collection or use.
| The information we collect | Purpose of Information Collection and Usage Scenarios |
| The personal information you provide to us about yourself and your employees or authorized persons, such as names, email addresses, phone numbers, and other personal information you provided. | To provide you with information related to the use and the customer service of the App (such as contacting you regarding the use of or problems with the App) and to promote new features or services of the App to you. |
The exception of consent with authorization
By applicable laws and regulations, the consent of the subject of personal information is not required for the collection and use of it in the following cases.
(1) Related to the fulfillment of obligations under laws and regulations.
(2) Directly related to national security, national defense security.
(3) Directly related to public safety, public health, and significant public interest.
(4) Directly related to a criminal investigation, prosecution, trial, and enforcement of judgments.
(5) To protect the life, property, and other significant legal rights and interests of the subject of personal information or other individuals, but it is difficult to obtain the consent of their authorization.
(6) The personal information involved is disclosed to the public by the subject itself.
(7) Necessary for the conclusion and performance of contracts according to the requirements of the subject of personal information.
(8) Personal information is collected from information that is lawfully and publicly disclose.
(9) Necessary to maintain the safe and stable operation of our App, such as the detection and disposal of malfunctions of our App products and/or services.
(10) Other circumstances as provided for by law and regulations.
II. How we use cookies and other similar tracking technologies
(i) What are Cookies
A cookie is a small file that is stored by a web server on a personal information subject’s computer, cell phone, or other smart terminal devices when the subject of personal information logs on to a website or views web content, usually containing identifiers, site names and some numbers and characters. Cookies may store user preferences and other information.
(ii) How to use cookies
When a subject of personal information uses our website, we may collect his or her device model, operating system, device identifier, and login IP address information, as well as cache his or her browsing and click information to check his or her network environment through cookies or similar technologies. Through cookies, we can identify the identity of the personal information subject when he/she visits the website, continuously optimize the user-friendliness of the website, and adjust the website according to their needs. The personal information subject can also change the settings of the browser so that the browser does not accept cookies from our website, but this may affect his or her use of some of the website’s functions.
In GTO data sync, with the help of cookies and other similar technologies, we can identify whether a personal information subject is one of our users each time they use our products and/or services, without having to log in and verify again on each page.
(iii) How to manage cookies
Personal information subjects can manage or remove certain types of tracking technologies according to their preferences. Many web browsers have a “Do Not Track” feature, which sends a “Do Not Track” request to a website.
In addition to the controls we provide, the personal information subject can choose to enable or disable cookies in the Internet browser. Most Internet browsers also allow the personal information subject to choose whether to disable all cookies or only third-party cookies. By default, most Internet browsers accept cookies, but this can be changed. For more information, please refer to the help menu in the Internet browser or the documentation that came with the device.
The following links provide instructions on how to control cookies in all major browsers.
- Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
- IE: https://support.microsoft.com/en-us/help/260971/description-of-cookies
- Safari (desktop version): https://support.apple.com/kb/PH5042?locale=en_US
- Safari (mobile version): https://support.apple.com/en-us/HT201265
- Firefox Streamer: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer?redirectlocale=en-US& redirectslug=Cookies
- Opera: https://www.opera.com/zh-cn/help
If the personal information subject uses another browser, please refer to the documentation provided by the browser manufacturer.
In GTO data sync, personal information subjects can delete existing tracking technologies by clearing the cache.
When a personal information subject is browsing a page in a non-logged-in state, we collect cookie information necessary to implement the browsing function to provide the corresponding service to the personal information subject.
Please be aware that if a personal information subject refuses to use or clear existing tracking technology, the user settings will need to be changed personally at each visit, and we may not be able to provide a better experience to the personal information subject and some features may not function properly.
III. How we entrust, share, transfer and disclose personal information
(i) Sharing
We do not share personal information with any third party unless one or more of the following circumstances exist.
(1) Based on the personal information subject’s request, or with their prior express authorization or consent.
(2) In connection with the performance of our obligations under laws and regulations.
(3) Directly related to national security, national defense security.
(4) Directly related to public safety, public health, and significant public interest.
(5) Directly related to a criminal investigation, prosecution, trial, and enforcement of judgments
(6) To protect the life, property, and other significant legal rights and interests of the subject of personal information or other individuals, but it is difficult to obtain the person’s consent.
(7) The personal information involved is disclosed to the public by the subject itself.
(8) The personal information involved is collected from lawful public disclosures.
(9) Sharing with Affiliates: To provide you with GTO data sync products and/or services, to recommend information that may be of interest to you, to identify user account anomalies, and to protect the personal property of GTO data sync affiliates or other users or the public from harm, you understand and agree that personal information about you may be shared with our affiliates. We will only share personal information as necessary and subject to the purposes stated in this policy, and we will seek your authorization again if we share sensitive personal information or if an affiliate changes the purpose for which personal information is used and processed.
(10) Sharing with Third-Party Partners: We will only share personal information for lawful, legitimate, necessary, specific, and identifiable purposes, and only to the extent necessary to provide services to you. We do not share personal information that identifies its subject unless otherwise required by law or regulation.
(ii) Transferring
In principle, we do not transfer control of personal information to any third party, except:
(1) Based on the personal information subject's request, or with your prior express authorization or consent.
(2) In connection with the performance of our obligations under laws and regulations;
(3) Directly related to national security or national defense;
(4) Directly related to public safety, public health, and vital public interests;
(5) Directly related to criminal investigations, prosecutions, trials, and enforcement of judgments, etc.;
(6) To safeguard the life, property, and other major legitimate rights and interests of the subject of personal information or other individuals, but it is difficult to obtain the consent of the person's authorization;
(7) The personal information is disclosed to the public by the subject of personal information;
(8) The collection of personal information is from information that is lawfully and publicly disclosed; or
(9) Transfer of personal information in the event of acquisition, merger, reorganization, bankruptcy, or change of the operating entity of the company.
Please be informed that if there is a need to transfer the information for the above reasons, we will inform you of the purpose, type, and transferee of the information (if sensitive information is involved, we will also inform you of the content of the sensitive information involved) before the transfer, and we will transfer the information after obtaining your consent unless otherwise provided by laws and regulations. The changed operator will continue to fulfill its responsibilities and obligations under this Privacy Policy. If we go bankrupt or cease operations and there is no successor, we will delete or anonymize your personal information.
(iii) Public Disclosure
In principle, we will not release personal information about you to the public or unspecified groups of people, except as required by contract with you or by applicable law or regulation.
IV. How you can have the power to manage your personal information
(i) Access and correction of personal information
If you wish to access or correct other personal information about yourself, you may contact us and we will respond to your request promptly after verifying your identity, except as otherwise provided by law or regulation or as otherwise agreed in this Policy.
(ii) Deletion of personal information
You may contact us to request the deletion of your personal information in the following circumstances, except where data anonymization has been performed or where otherwise required by law or regulation.
(1) We collect and use personal information in violation of the law, administrative regulations, or the agreement with you.
(2) If we share or transfer personal information to a third party in violation of laws and regulations or violation of our agreement with you, we will immediately stop the sharing or transfer and notify the third party of its deletion promptly.
(3) You terminate your use of the App, including through cancellation.
(4) Other circumstances stipulated by laws and regulations.
(iii) Response to requests
To fulfill your rights as a user as described in this section, or if you have any questions, complaints, comments, or suggestions, you may contact us through the contact information provided under this Privacy Policy. To ensure security, we may request verification of your user identity before processing your request. In principle, we will verify your user identity and respond to your request within 15 business days of receiving your request.
In principle, we do not charge a fee for reasonable requests. For requests that are repeated several times over some time, we will charge a fee at cost, as appropriate, and for requests that require excessive technical means (e.g., require the development of new systems or fundamental changes to current practices), or where other significant difficulties exist, we will provide you with an alternative method.
We will deny your request if there are circumstances:
(1) Related to the fulfillment of obligations under laws and regulations
(2) Directly related to national security or national defense security
(3) Directly related to public safety, public health, or significant public interest
(4) Directly related to criminal investigations, prosecutions, trials, enforcement of judgments, etc.
(5) There is sufficient evidence that the user has subjective malice or abuse of rights
(6) To protect the life, property, and other significant legitimate rights and interests of the user or other individuals, but it is difficult to obtain his or her authorized consent.
(7) Responding to the user's request will lead to serious damage to the legitimate rights and interests of the user or a third party.
(8) Where commercial secrets are involved.
Please know that you should respond directly to requests for personal information from you. Unless we receive a request for assistance from you, we will either forward the request we receive from your client to you or ask the client to come to you directly for assistance.
V. How we save and protect personal information
(i) Preservation period
We undertake to store your personal information for the minimum time necessary to fulfill the purposes for which you and are authorized to use it, unless otherwise required by law or regulation or otherwise agreed to by the subject of the personal information.
(ii) Preservation of territory
We offer our App in several countries and you understand that we may transfer the information and data you provide to us for storage or processing outside of your country/region. Generally, your personal information will be stored in Singapore. However, for statistical and analytical purposes, we may transfer your personal information across borders outside of Singapore, in which case we will ensure that your personal information is adequately protected in your country or region and that the data is transferred across borders through encrypted channels.
(iii) Protection of personal information
We take the security of your personal information very seriously. To this end, we have adopted industry-standard security technology measures and supporting organizational structure and management system to protect your personal information from disclosure, destruction, misuse, unauthorized access, unauthorized disclosure, or alteration to the maximum extent possible, including:
(a) Data Security Technical Measures
To protect the security of information, we strive to implement various reasonable security technology measures to protect personal information so that your personal information and that of your customers will not be leaked, destroyed, or lost. We use encrypted transmission technologies such as SSL to protect data during its transmission and use proper protection mechanisms to prevent malicious attacks on data. We maintain encrypted storage and data licensing controls on personal information to protect you from unauthorized access, public disclosure, use, modification, destruction, or loss of personal information, whether man-made or accidental.
(b) Data security organization and management measures
We have appointed a person in charge of personal information protection and a working organization for personal information protection as required by laws and regulations. We have also established internal control processes to control the scope of knowledge of personal information by setting strict access permissions for staff who may have access to your personal information and that of your customers, based on the principle of minimum necessity.
We have established an internal regulatory system for the secure use of data and have adopted strict controls over employees or outsourced personnel who may have access to your and your customer’s information, including but not limited to different permissions controls depending on the position, signing confidentiality agreements with them, monitoring their operations, etc.
We organize security and privacy-related training for our employees and require them to complete required assessments to enhance their awareness of the importance of protecting personal information.
(c) Data Security Contract Assurance
Before we indirectly collect and process personal information about you from a third party, we will explicitly require in writing that the third party has obtained your express consent and that the third party commits to the legality and compliance of the source of the personal information in a written agreement. If the third party violates the law, we will expressly require the third party to bear the corresponding legal responsibility.
Before we share your personal information with our partners, we strictly require our partners to assume data protection obligations and responsibilities. To this end, we may require our partners to sign a data processing agreement or include data protection provisions in a partnership agreement signed by both parties before the partnership. The agreement strictly stipulates that the partner’s obligation to keep user information confidential, including the storage, use, and flow of information should meet our control requirements and be subject to our review, supervision, and audit, and in case of any violation, we will require the partner to bear the corresponding legal responsibility.
(d) Security Incident Handling
In the unfortunate event of a personal information security incident, we will immediately activate our emergency plan, take remedial measures, record the incident, and report it promptly by the relevant provisions of applicable laws and regulations. In the event of a security incident that may cause serious damage to the legitimate rights of you, such as the disclosure of sensitive personal information, we will inform you of the basic circumstances of the security incident and its possible impact, the disposal measures we have taken or will take, your options for prevention and risk reduction, the remedial measures we will provide for you, and our contact information. We will promptly notify you of such events by mail, letter, telephone, or push notification, and when it is difficult to do so individually, we will issue warning notices reasonably and effectively.
Please know and understand that the Internet is not a completely secured environment and we strongly encourage you to help us keep your account secure by using secure methods and complex passwords. If you discover that your personal information has been compromised, especially your account or password, please contact us immediately at the contact information provided in this policy so that we can take appropriate measures to protect the security of your information.
VI. How to update this privacy policy
We may amend the terms of this Privacy Policy from time to time, and such amendments form part of this Policy. If such revisions result in a material reduction of your rights under this Policy, we will notify you before the revisions take effect by prominently displaying the revisions on our home page or by sending you an email or other means of notice. In such cases, if you disagree with this Policy, or disagree with the changes or updates to this Policy, you may choose to stop using our products and/or services or cancel your account. However, please be aware that your actions and activities before the cancellation of your account and before the cessation of your use of the App are still governed by this Policy.
If significant, material changes are involved, we will prominently notify you, depending on the circumstances.
Significant, material changes include but are not limited to, the following circumstances.
(1) Our service model has changed significantly such as the purpose of processing personal information, the type of personal information processed, and the way personal information is used.
(2) Significant changes in your rights to participate in the processing of personal information and how they are exercised.
(3) We have undergone significant changes in our ownership and organizational structure.
(4) Changes in the primary targets for the sharing, transfer, or public disclosure of personal information.
(5) Changes in the department responsible for handling the security of personal information, contact information, and complaint channels.
(6) When the personal information security impact assessment report indicates a high risk.
VII. How to contact us
If you have any questions, comments, or suggestions regarding the contents of this policy, you may contact us at: shoplinepos@shopline.com
VIII. Keyword definition
You: Refers to the user and/or its employees and/or developers who register and use GTO data sync and/or other persons authorized to operate the App.
Personal Information: Information recorded electronically or otherwise that can identify a specific natural person or reflect the activities of a specific natural person, either alone or in combination with other information. The personal information covered by this Privacy Policy includes name, date of birth, identification number, personal biometric information, address, communication links, communication records and content, passwords, property information, transaction information, etc.
Sensitive personal information: personal information that, once leaked, illegally provided or misused, may cause damage to personal or property safety, and easily lead to damage to personal reputation, physical and mental health or discriminatory treatment, including ID card number, personal biometric information, bank account, finance information, credit information, whereabouts, health and physiological information, and transaction information.
Deletion: The act of removing personal information from a system involved in the implementation of daily business functions so that it remains unavailable for retrieval and access.
Anonymization: The process of technically processing personal information in such a way that you cannot be identified or associated with it, and the processed information cannot be recovered.