We value your feedback. Please take a 1-minute survey to help us improve our Help Center. Click ‘Yes’ to participate.

Yes
Start Strong
Sell Smart
Manage with Ease
Market to Success

POS Privacy Policy

Last updated: December 13, 2024

 

POS (hereinafter referred to as "the Company" or "we") is a seamlessly integrate your retail and ecommerce stores at multiple locations. Empower your omnichannel capabilities such as in-store pick-up, local delivery, home delivery and email shopping carts.

This privacy policy (hereinafter referred to as "the Policy") explains how we collect, process, use, retain, share, and transfer your personal data when you use POS App (hereinafter referred to as "POS"). This Policy applies solely to the personal data you provide when using POS, and does not apply to any third-party websites or services that we do not own or control.

Before using POS, please carefully read this Policy and ensure you understand it. Only after you have understood the Policy should you begin using POS. If you disagree with any part of the Policy, you should immediately stop using POS and related services. For your convenience, please refer to Section 8 of this Policy for definitions of important terms. Additionally, please review our SHOPLINE privacy policy that applies to merchants and your customer whose information we process. If any provisions in this policy conflict with provisions of the SHOPLINE privacy policy, the provisions in this policy will apply.

The Company only provides services to users aged 18 and above. For minors under the age of 18, the Company does not knowingly collect their personal data nor provide any app or related services to them. Before using POS, please ensure that you meet the age requirement and have carefully read and understood the information in this Policy. The Company does not knowingly collect personal data from minors under 18, and you should not provide any personal data of minors to the Company in any form. If you discover that the Company has unintentionally collected personal data from a minor, please notify us immediately, and we will promptly endeavor to delete the relevant data.

 

 

1. What Personal Data Do We Collect, Process, and Use?

 

1.1 Collection, Processing, and Use

  1. In accordance with legal, legitimate, and necessary principles, and for the purpose of fulfilling POS terms and providing you with the services, the Company collects, processes, and uses the personal data of data subjects that you voluntarily provide during the use of the POS, data generated from your use of POS, and personal data obtained from third parties. 
  1. Unless otherwise stipulated by law, the Company will only process and use your personal data in accordance with a lawful basis made available to us. Most commonly, we will use your personal data in the following circumstances: 
    • where you have provided us with your consent, such as for direct marketing communications, when consent for marketing is required under applicable law;
    • where we need to perform a contract with you; or
    • where we need to comply with a legal obligation (for example, responding to government or law enforcement request).
  1. The detailed content and purposes of the personal data collected, processed, and used by the Company are specifically listed in the following table for your reference.
    Personal Data Collected and Processed by the Company Purposes of Collection and Use
    Information you provide about yourself and / or your employees like name and email address.
    • To log in to the account and identify cashiers and sales associates.
    • To provide you with - and improve - the app or service you are trying to use (e.g., to confirm your identity, to contact you about our products or services)
    • To advertise and market our services or features to you
    • To comply with legal requirements
    Information of your customers uploaded by you into the POS, such as:
    • Information your customers provide at the time of member registration, such as their name, email address, phone number and other information that you authorized to collect (such as birthday);
    • Information your customers provide at the time of checkout, such as their name, email address, phone number, and delivery information.
    • To provide you with relevant services and to carry out store operations and customer management, such as completing transactions, fulfilling orders, creating memberships, and preventing fraud.
    • To optimize our features and services and to provide you with more customized features and services, such as to provide you with data analysis of your customers to help you achieve business growth.
  1. You hereby acknowledge and authorize us to collect, store and process personal information from your customers for you to use POS, and hereby undertake to us that you have obtained sufficient and necessary authorization, consent and permission from your customers for us to directly collect and use their personal information required to perform relevant services. When you provide us with personal information of any third parties (including your customers) for our further process, you shall ensure that you have obtained sufficient and necessary authorization, consent and permission from such third parties for us to process such personal information for the purpose as requested by you. Nonetheless, we reserve the right to reject your request due to legal or regulatory requirements or restraints.

 

1.2 If You Decide not to Provide Personal Data

You may decide not to provide some or any of your personal data to us. However, if you do not provide it, we may not be able to provide you with access to certain information or services.

 

 

2. Do We Share Personal Data?

We do not share personal information with any third parties unless one or more of the following circumstances exist.

 

2.1 Service Providers

To deliver, communicate, market, and promote our services, we rely on third-party service providers. These providers offer key services that assist us in providing POS Service, including but not limited to cloud infrastructure (Amazon Web Services (AWS) Cloud). We authorize these service providers to use or disclose the personal data we provide them to deliver services on our behalf and comply with relevant legal obligations. We require these service providers to contractually ensure the security and confidentiality of the personal data they process on our behalf. Most of our service providers are located in Singapore and the United States.

 

2.2 Professional Advisors

Where necessary we will share your personal data with our professional advisors such as our lawyers, accountants and auditors. 

 

2.3 Other disclosures

The Company may share your personal data with third parties in one or more of the following circumstances:

  1. When the Company is required to disclose personal data by applicable law, such as to law enforcement bodies, governmental and regulatory bodies, the courts and other competent authorities that may request personal data in connection with any inquiry, court order, or other legal or regulatory procedures which we would need to comply with;
  2. To affiliates, who will act as independent date controllers, joint controllers, or data processors (depending on the purpose for which the group entity receives the data) and who provide IT and system administration and other management or administration services;
  3. To establish or protect our legal rights, property or safety, or the rights, property or safety of others, or to defend against legal claims; and 
  4. In connection with any reorganisation, company acquisition, merger, restructuring, transfer of our business or assets, bankruptcy or insolvency, or change in the operational entity.

 

2.4 Public Disclosure

In principle, the Company will not disclose your personal data to the public, except as agreed under your contract or as required by applicable laws or orders.

 

 

3. How Do We Retain Personal Data?

 

3.1 Retention Period

While you are using the POS, the Company will continue to retain the personal data of merchants and consumers for as long as needed for the purposes for which it was obtained. If you cancel your account, actively delete the information, or if the Company ceases operations for any reason, the Company will cease collecting your and the end consumers’ personal data in accordance with legal requirements, and delete the retained personal data or anonymize it.

 

 

4. What Rights Do You Have?

Under applicable data protection law, you have certain rights in relation to your personal data. Please note that many of these rights are not absolute and we may have grounds to not fully comply with your request to exercise them (for example, where we are (a) required or permitted by applicable law to process your personal data in a way that is incompatible with your request, or (b) able to rely on exemptions under applicable data protection law which entitle us to process your personal data in a way that is incompatible with your request). Where such circumstances apply, we will inform you when we respond to your request to exercise your rights. 

 

4.1 Right to Request Access

You have the right to obtain specific information about the processing of your personal data, as well as copies of such personal data, free of charge. You can log in to your POS account at any time to view your personal data.

 

4.2 Right to Rectification

You have the right to correct your personal data or supplement incomplete data without undue delay, if your personal data is inaccurate.

 

4.3 Request to Erasure

You may contact the Company to request the deletion of your personal data (also known as the "right to be forgotten") without undue delay on various grounds, such as where the personal data is no longer necessary for the purposes for which it was originally collected or processed. 

 

4.4 Right to Withdraw Consent

Where we process your personal data based on consent, you have the right to withdraw consent at any time. However, this will not affect the lawfulness of any processing conducted based on consent before any such withdrawal. Furthermore, even in case of a withdrawal we may continue to use your personal data as permitted or required by law. 

 

4.5 What we may need from you

We may need to request specific information from you to help us confirm your identity and to ensure your right to access your personal data or access someone else's personal data on their behalf (or to exercise any of the other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. 

 

4.6 How to Exercise Your Rights, and Responding to Your Requests

To exercise your rights under this section you can contact the Company using the contact methods provided at Section 7 in this Policy. We try to respond to all legitimate requests within one month although occasionally it could take us longer than a month; for example, if your request is particularly complex or if you have made a number of requests, this may be extended to an additional two months. To ensure security, the Company may first verify your identity before processing your request. 

 

 

5. How Do We Protect Personal Data?

The Company takes the security of your personal data very seriously. We have implemented industry-standard security technologies, organizational frameworks, and management systems to provide multi-level protection measures to prevent your personal data from being leaked, damaged, misused, or accessed, disclosed, or altered without authorization. Specific measures include:

 

5.1 Data Security Technology Measures

To ensure information security, the Company use encryption technologies, such as SSL, to secure data during transmission and employ proper protection mechanisms to prevent malicious attacks. The Company uses encryption storage and access control mechanisms for personal data to prevent unauthorized access, disclosure, use, alteration, accidental damage, or loss of your and your consumers' personal data.

 

5.2 Where we store personal information

The Company provides POS services across multiple countries and regions and data you provided to us maybe transferred to, stored or processed outside of your country. In principle, we will store your personal information in Singapore and United State. However, for statistical and analytical purposes, we may transfer your personal data to regions outside of Singapore and United State. Nonetheless, we will ensure that your personal information is adequately protected as it is in the country or region where you are located and will use encryption in cross border data transfer.

 

 

6. Updates and Notifications to This Policy

The Company may revise the terms of this Policy from time to time as our privacy practices change, or as required by applicable legal or regulatory requirements, and such revisions will become part of this Policy. Where it is practicable the Company will notify you of any significant changes (such as if there are significant changes in the Company's service model, like changes to the purpose of personal data processing). In such cases, if you disagree with the Policy, or have objections to any changes or updates, you may choose to stop using the Company’s products and/or services or cancel your account. However, please be aware that any actions and activities you conducted before account cancellation or cessation of platform usage will still be governed by this Policy.

 

 

7. Contact Us

If you have any questions, comments, or suggestions regarding the content of this Policy or our handling of your personal data (including any requests to exercise your legal rights), you can contact us via the following addresses:

Email: shoplinepos@shopline.com

 

 

8. Important Term Definitions

8.1 You: Refers to (1) our customers, whether free or paid registered merchant users of POS  and/or their directors, employees and/or authorized personnel, and/or (2) consumers who complete payments through POS.

 

8.2 Personal Data: Refers to various information recorded in paper, electronic, or other forms that can identify a specific natural person or reflect the activities of a specific natural person, either alone or in combination with other information. Personal data covered by this Policy may include name, date of birth, identification number, address, email, contact information, communication records and content, password, financial information, etc.