Last Updated: April
12, 2024
Effective as of: April 15, 2024
SERVICE TERMS – SHOPIFY
MARKETS PRO
These Service Terms – Shopify
Markets Pro (these “Service Terms”)
constitute a legal agreement between Global-e and Merchant.
As used in these
Service Terms, “we”, “us”, “our” or “Global-e” means
the contracting party of the Global-e group (as defined in Section 12 hereof)
providing the Markets Pro Services as defined herein. “you”, “your” “Merchant” or “Shopify User” means the individual (if the business is a sole
proprietorship) or the business (if signing up on behalf of a legal entity)
that has applied and qualified for participation in the Markets Pro Services. “Shopify” means Shopify Inc. or the
applicable Shopify contracting party (as defined in the Shopify Terms of
Service available here). Each of Global-e and Merchant may
be referred to as a “Party” and
collectively, the “Parties” for the
purpose of these Service Terms.
By applying for Markets Pro
Services, or by otherwise activating or using Markets Pro Services in any way,
you are agreeing to be bound by these Service Terms.
Additionally, you agree to be
bound by all other terms and conditions contained or otherwise referenced in
these Service Terms. You also agree that you are subject to and will comply
with any terms and conditions that govern the use of any services offered by
Shopify through which Markets Pro Services are made available.
By accepting
these Service Terms, you are also accepting and agreeing to be bound by Global-e’s Acceptable Use Policy, Global-e Data Processing Addendum and Privacy Policy. In addition, you must carefully
review the Terms of Sale governing the sale to the Shopper
(as defined below).
We reserve the right to
update and change these Service Terms from time to time by posting updates and
changes here. You are advised to regularly check
these Service Terms for any updates or changes that may impact you. If you do
not accept such changes, you must cease using the Markets Pro Services.
1. SERVICES; ONBOARDING
1.1. The Markets Pro offering and
services performed pursuant to these Service Terms as fully set out herein (the
“Markets Pro Services” or “Services”)
will be enabled after you complete the activation process for Markets Pro on
Shopify’s commerce platform that is accessible by you through your Shopify
Admin (the “Shopify Platform”). You
must follow and complete all steps stated therein. As part of the Markets Pro
Services, we will provide merchant of record and exporter of record services,
including the required know-how and merchant support services.
1.2. The Global-e contracting
party (as defined in Section 12), acting as the merchant of record, will sell
products that are made available for cross-border sale on your online store
hosted by Shopify (“Products” and
"Store" respectively)
directly to individual customers (each, a “Shopper
and collectively, the “Shoppers”)
who have initiated a transaction in respect of Products on your Store and who
desire to have the purchased Products delivered to a designated address located
outside of the United States
(“Destination(s)”). Upon completing
the activation process for Markets Pro Services, all Destinations supported by
Markets Pro Services will be enabled on your Store. If you would like to use
Markets Pro Services in only select Destinations, you will need to manually change
the Destinations operated by the Markets Pro Services through the Shopify
Platform. The Shopper will be the “importer of record” of the purchased Products and we will cause the required documents to
properly reflect that.
1.3. KYC. You hereby agree and authorize us, that at any time while
these Service Terms are in effect, we may conduct anti-money laundering (“AML”) and/or “know your customer” (“KYC”) validation processes to confirm
your identity, to evaluate your business, to obtain financial information,
credit information and your Personal Data (including from third parties)
relating to you, your directors, officers and principals, or take any other
action required in order to satisfy applicable AML or KYC compliance
requirements or other compliance and legal obligations (the “KYC Process”). You authorize Shopify,
to the extent within its possession, to share information required by Global-e
or any third party to perform the KYC Process as set forth in this Section 1.3.
This includes, but is not limited to, your name, your business or trade name,
state in which you are incorporated, tax identification number, business
address, your beneficial owner’s ID or passport number and date of birth,
storefront URL, settlement currency, product catalog, expected transactional
volume, average fulfillment period, warehouse location, bank name and address
and bank account information. You must cooperate with the KYC Process and
provide us or Shopify with documents required from time to time. We reserve the
right to terminate these Service Terms with immediate effect at any time before
the KYC Process is completed or not completed satisfactorily, and the right to
refuse or rescind any Markets Pro Services without any fault on our end if such
KYC Process is not completed satisfactorily or if you fail to cooperate with
our reasonable KYC requests from time to time. We also reserve the right to
retain any funds and not disburse or pay any such funds if this KYC Process is
not completed satisfactorily.
2. SETUP AND ACTIVATION; CONFIGURATIONS
2.1. Markets Pro Application; API. You must activate and make
such configurations required through the Shopify Platform before Markets Pro
Services can be accessed and used. Neither Shopify nor Global-e will be
obligated to render or perform any Markets Pro Services if Merchant fails to
properly activate and enable Markets Pro on the Shopify Platform. You commit to
having and making available the necessary resources required to achieve the
above objectives in a timely manner. You will be solely responsible (at your
own cost and labor) for the performance and the availability of your Store, as
well as continually reviewing and updating all Store settings required to
enable Markets Pro Services, including the appropriate configurations and
settings of the Store and any systems and telecommunications facilities
necessary to enable you to operate your Store and receive Markets Pro
Services. In certain cases
we may provide you with an API to our approved 3rd party logistics providers
(the “Supported External Fulfillment API”),
allowing you to perform certain functions described in these Service Terms
automatically through the Supported External Fulfillment API.
2.2. Business Rules and Shipping Policies. Before using Markets Pro
Services, you are responsible for configuring, reviewing
and signing off on the Business Rules and the Shipping Policies. “Business Rules” refers to
per-Destination settings, configurations, rules and
other proposition selections made through the Shopify Platform to determine the
manner by which products will be priced and sold to a Destination. “Shipping Policies” refer to the
selection of shipping services through the Shopify Platform, including the
applicable shipping Rate Card available for your merchant offering and the
rates and fees charged to your Shoppers on checkout. Neither Global-e nor
Shopify will be responsible or liable if you fail to follow the requirements of
this section or for any misconfiguration of the Business Rules or the Shipping
Policies. You are responsible for reviewing and making any necessary updates to
your Business Rules and Shipping Policies.
2.3. Product Pricing. You will be required and responsible for setting and
configuring the Products sale price (in USD or in the currency of the Shopper)
through the Shopify Platform in accordance with the terms and conditions of the
Shopify Platform, including any pricing rules applicable to the base price of a
Product. The price of Products displayed on the Store and paid by the Shopper
will be rendered based on the rules and requirements set forth on the Shopify
Platform, including the applicable FX rate (including spot rate and conversion
fee) which will be automatically included in the Product price if
using dynamic exchange rate conversions) (the “Product Sale Price”).
2.4. Shopper Shipping Charges. Using the Shopify Platform, you
will be required to set the Shipping Policies including the shipping fees which
will be charged to each Shopper on checkout. As between you, Shopify and
Global-e, you will be solely responsible and liable for any and all shipping
charges, costs, fees or surcharges associated with the delivery (including
customs clearance) of a Customer Order, and any difference between such amounts
and the amount configured to be charged to the Shopper pursuant to the Shipping
Policies will constitute a Permitted Deduction and billed to you as part of the
reconciliation process. Markets Pro will handle the operational management and
contracting of any carrier engaged to provide shipping, delivery
and customs clearance services for Markets Pro Services (each, a “Contracted Carrier”). The availability
of and the services provided by each Contracted Carrier for Markets Pro
Services may vary, and are subject to periodic changes
and updates. We will reconcile with these Contracted Carriers any fees and
charges related to the contracted services. Specifically, you agree to the
terms of service of DHL eCS as a Contracted Carrier which are available here.
2.5. Each Payout File will provide
the relevant details of the eligible consignments shipped, including any
differences in shipping charges related to the actual chargeable measurements
(e.g. shipping dimension and weight) based on the then-applicable Rate Card. In
the event of a difference (e.g. shortfall or excess) between (A) the Weights
used by the system based on your inputs on the Shopify Platform to determine
the estimated shipping cost of the consignments as stated in the order (the
“Estimated Weights”), and (B) the Actual Chargeable Weights of the consignments
based on the then-applicable Rate Card, such difference in amount between items
(A) and (B) will be reconciled as follows: any amount owed to us (i.e. in the
event that the Actual Chargeable Weights were greater than the Estimated
Weights used) shall be deemed a Permitted Deduction and we may deduct such
amount from the Merchant Payout Amount or invoice you for such difference. Any
amount owed to you (i.e. in the event that the Estimated Weights were greater
than the Actual Chargeable Weights) will be set-off by way of a credit note in
the next reconciliation cycle as per Section
4. For purposes hereof, “Weights”
shall mean the applicable volumetric (dimensional) or dead-weight, as
applicable, and “Actual Chargeable
Weights” shall be based on the most accurate weight reported by the
Contracted Carrier at the time of the report (i.e. based on Contracted
Carrier’s reported weights or invoiced weight, and in the absence of both, the
Estimated Weight used by the system).
2.6. For the avoidance of doubt,
neither Global-e nor Shopify provides any guarantee in the accuracy of the
shipping charges based on the Estimated Weights that are displayed to your
Shoppers on checkout. You are responsible for ensuring that you enter accurate
Weights of each Product on your Store on the Shopify Platform.
3. ORDER CREATION AND MANAGEMENT; ORDER FULFILLMENT
3.1. Order Processing. Your Store cart (“Cart”) will be processed for payment
authorization through the Shopper’s selected payment method, fraud detection
and prevention, and determining any applicable Taxes. Subject to successful
processing, an order will be created on your Store (“Customer Order”). Global-e will be relying on the data received
from the Shopify Platform with respect to the accuracy of the Cart content and
the Customer Order and Product data contained therein. We will have the right
to cancel any order for reasons including payment declined, fraud or other
circumstances reasonably determined and assessed by Global-e.
3.2. Taxes and Duties. Based on the Product, Customer
Order and customer shipping information received at the time of checkout, we
will estimate the taxes (such as import taxes, sales taxes, value added tax or
similar taxes), customs duties or other charges or fees that may be imposed on
the order (such fees, the “Taxes”),
and apply such Taxes. When Customer Orders are delivered by a Contracted
Carrier, we will guarantee the amount of Taxes to you and the Shopper and be
responsible for paying such Taxes to the relevant authorities or brokers as
long as Taxes were paid on checkout by the Shopper or already included in the
Product Sale Price as a subsidy (the “Taxes
Guarantee”).
3.3. Order Fulfillment. You will be responsible for
fulfilling the order, including picking and packaging
the Products underlying each Customer Order, and generating all the required
shipping and customs documents through the Shopify Platform or the Supported
External Fulfillment API, as applicable. You may amend a Customer Order, as
well as cancel it in full and authorize a refund. Order Editing will be
possible until the order is partially or fully fulfilled or at first successful
label purchase. Any partially fulfilled Customer Orders will only be included
in payouts when a ‘dispatched’ tracking event is received from the carrier.
Customer Orders will be
prepared for delivery to the Shopper by way of applying all necessary
international shipment documents (e.g. shipping label, export documents and
commercial/VAT invoice), as made available to you through the Shopify Platform
or Supported External Fulfillment API, as applicable (such documents, “International Shipping Documents”). You
may not use any documents other than the International Shipping Documents made
available to you through the Shopify Platform or the Supported External
Fulfillment API, unless such documents are separately approved by Global-e. You
will process the Customer Orders at your facility or a third-party provider’s
facility that has been approved by Global-e, which
will include the International Shipping Documents being produced by your
personnel, updating the status of the processed Customer Order and making the
processed Customer Order available for dispatch and pickup for delivery
straight to the Shopper. Customer Orders fulfilled in multiple parcels may
incur additional shipping charges.
3.4. Shipping and Delivery; Rates. No carrier other than Contracted
Carriers may be used for shipping and delivery of fulfilled Customer Orders
through Markets Pro Services. Global-e will manage the shipping and delivery
performed by Contracted Carriers, including but not limited to managing lost or
damaged Product disputes and customs clearance in supported Destinations, and
will offer the Taxes Guarantee pursuant to Section 3.2. Shipping and delivery
costs, including all charges and fees of Contracted Carriers, are stated in the
assigned rate card available for Markets Pro Services on the Shopify Platform
(“Rate Card”). The Rate Card will be
assigned based on your actual shipping volumes; provided that, the initial Rate
Card will be assigned based on your last twelve (12) months of shipping data
from your activation date of Markets Pro Services (such date, the “Activation Date”), and such Rate Card
as well as any additional shipping or accessorial fees and surcharges may be
updated from time to time, and we will exert reasonable efforts to notify you
in writing in advance of such changes taking effect. The initial Rate Card will
be re-assessed the quarter following the Activation Date, and thereafter every
12 months, using your actual shipping data, and a new Rate Card may be assigned
to you from time to time, in which such newly-assigned Rate Card will apply
from that point onwards. We reserve the right to true-up any amounts if you
should have been assigned a lower tier Rate Card and billed for the difference
of any shipping costs, fees and charges under that
lower tier Rate Card. We may waive or delay, at our sole discretion, our right
to true-up any such amounts. If a carrier which is not a Contracted Carrier is
used, certain features of Markets Pro Services will be unavailable, including
the Taxes Guarantee and claims for Products lost-in-transit.
3.5. Title. As principal, you grant Global-e the legal right to act as
the seller and merchant of record, and as the exporter of record. Once you have
completed fulfilling and processing a Customer Order, flash title to the
Products will transfer to Global-e allowing Global-e to complete the
transaction with the Shopper, acting in Global-e’s name but for your account.
You will be deemed to have sold the Product to Global-e prior to the export or
subsequent sale to the Shopper, and simultaneously we will be deemed to have
forthwith sold the Product to the Shopper.
3.6. Lost in Transit. Subject to Section 3.4, any loss or damage to
Products during transit to the Shopper using a Contracted Carrier will be our
responsibility and liability, up to the loss coverage amount provided by such
Contracted Carrier. We will manage the loss claim with the Contracted Carrier.
The difference between the Contracted Carrier’s loss coverage amount and the
amount required to be refunded and paid to the Shopper in respect of such loss
will be a Permitted Deduction and reimbursed to Global-e as part of the reconciliation
process outlined herein. Global-e will not be liable or responsible for any
loss or damage caused to Products while at your warehouse. Global-e will not be
liable for any loss by an untracked shipment service (if you elect to use such
level of service). “untracked” shall
mean a shipment method that does not provide full shipment tracking information
(i.e. information until the time of delivery).
3.7. Undeliverable Packages. In the event that a Customer Order
package cannot be delivered to a Shopper, you shall be responsible for any
Undeliverable Fees incurred as a result of the Undeliverable Actions. “Undeliverable Actions” means those
certain actions taken by a Contracted Carrier (as reasonably determined by
Contracted Carrier in its discretion) to address an undeliverable Customer
Order package, including but not limited to: (a) returning the undeliverable
Customer Order package to its origin inventory address (“RTO”); (b) redirecting
the undeliverable Customer Order package to an alternate address or
destination; or (c) abandoning and destroying the undeliverable Customer Order
package. “Undeliverable Fees” means
any and all fees and expenses arising out or associated with the Undeliverable
Actions. These Undeliverable Fees shall constitute a “Permitted Deduction” and
shall be deducted from the applicable Merchant Payout Amount. Notwithstanding
the foregoing, in cases where DHLeCommerce is the Contracted Carrier and
DHLeCommerce deems a Customer Order package located outside of Canada to be
undeliverable, such package will be automatically abandoned and destroyed.
3.8. Cancellations. Shopper cancellations will be only in accordance
with the terms and conditions under the applicable Terms of Sale. We may cancel
any Customer Order in cases of technical issues unrelated to us, any Customer
Order determined to be fraudulent or where payment was declined by the
Shopper’s bank.
3.9. Refunds. You will confirm, through the Shopify Platform, the
eligibility of all or part of a Customer Order for refund and will authorize
the amount eligible for refund, which will automatically trigger a conforming
refund by Global-e through the same payment method and in the same currency
used for such Customer Order. The refund amount you authorize, including any
costs and charges for shipping, taxes, duties or other
fees due to be refunded to Shopper or incurred in connection with such refund
or return of items, will be regarded as a Permitted Deduction, unless such
refund or any costs or charges are the direct result of our gross negligence or
willful misconduct. For greater clarity, you will not receive a refund of any
applicable fees outlined in Schedule 1 paid or owing to us in connection with
an order being refunded, whether in full or in part.
3.10. Chargebacks. Covered Chargebacks will be our responsibility and
liability unless you have overridden our decision to reject an order. All other
Chargebacks and associated costs, fees and charges imposed by the card issuer,
payment provider or other authorized entity will be your cost, and we will bill
and charge you such amounts as part of the reconciliation process as a
Permitted Deduction. We are under no obligation to dispute or take any action
with respect to non- Covered Chargebacks. “Covered
Chargebacks” means a demand by a card scheme or payment method to reverse
or refund a disputed or fraudulent transaction (such demand, “Chargeback”) other than those
Chargebacks: (i) related to fraud scenarios
(otherwise known as “friendly fraud”) where the perpetrator uses his or her own
account and personally benefits or is complicit in the fraud (e.g., a Shopper
disputes a charge, alleging it is not authorized, but such order is delivered
to a verifiable address of cardholder); or (ii) directly resulting from your
activity or inactivity (e.g. order is not fulfilled or partially fulfilled,
refund is not processed or item received is different than as described on your
Store). You agree that the relevant card scheme or payment method’s decision
regarding the validity and value of such Covered Chargebacks will be final and binding and we will not be liable for decisions
made by the card scheme or payment method.
4. RECONCILIATION PROCESS; PAYOUTS
4.1. Report; Invoicing. Your account statement and
associated statement reports, presented in USD (“Payout Files”), will be posted on the Shopify Platform four times a
month, on the 1st, 8th, 15th and 22nd of each calendar month (each, “Payout Day”). The Payout Files will
include all fulfilled Customer Orders transactions for which ‘Dispatched’
status was triggered since the previous Payout Day (each transaction, a “Payout Eligible Transaction”). The
Payout Files will also specify the applicable Product Sale Price and shipping
information (including shipping and tax subsidies), refunds made to Shoppers
during the reconciliation period and manual adjustments (such as service
gestures). The Payout Files will serve as the agreed basis for billing and
reconciliation of funds between the Parties. You undertake to promptly review
the Payout Files and notify us in case you have any concerns or disputes no
later than 21 days following the applicable Payout Day. If the Payout File
results in a zero or negative balance due for payout (whether due to discounts,
returns, refunds, non-Covered Chargebacks, shipping charges or when gift cards
are used for payment), then no payout will occur, and any negative balance will
be carried forward to the next positive Payout Day. Payouts will be issued once
the balance becomes positive. Notwithstanding the foregoing, Global-e reserves
the right to charge you for any outstanding negative balances (regardless of
whether such negative amounts are due to taxes, duties, shipping charges or
otherwise and due to any other costs, fees and expenses associated with the
Services) (such amounts, the “Negative Balance Amounts”), either by: (A)
directly debiting your bank account (“Bank
Account”) or charging your credit card (“Credit Card”) on file for such negative amounts; or (B) by
offsetting such negative amounts against past or future payouts. You hereby
authorize Global-e to periodically debit your Bank Account or charge your
Credit Card on file for any Negative Balance Amounts owed to Global-e under
these Service Terms or to credit or transfer funds to any of your accounts on
file, until this authorization is revoked. You waive any prior notice
requirements for Global-e to provide you with notice of a debit or charge for
Negative Balance Amounts owed to Global-e or amounts used to credit or transfer
funds to any of your accounts on file. Global-e may rely on this authorization
to make one or more attempts to collect all or a subset of the Negative Balance
Amounts owed. Your authorization under this section will remain in full force
and effect until (a) you have terminated these Service Terms and the Markets
Pro services hereunder or (b) all Negative Balance Amounts you owe under these
Service Terms are paid, whichever occurs later. If applicable debit scheme
authorization rules grant you the right to revoke your debit authorization,
then to the extent permitted by law, you waive that right.
4.2. Each account statement will
reflect, in USD, the Merchant Payout Amount for all the Payout Eligible
Transactions on each Payout Day, less Permitted Deductions (including deduction
of Taxes subsidized by you), which we will pay you in accordance with these
Service Terms. Shipping fees and charges will be based upon the applicable Rate
Card, and billed to you (as part of the reconciliation
process) in addition to any Permitted Deductions. The basis for calculating any
applicable percentage-based fee as a Permitted Deduction amount will be the
Total Order Value paid by the Shopper on checkout, such “Total Order Value” equals the total Product Sale Price of all items
purchased by the Shopper in a Customer Order, plus any associated shipping
charges and Taxes paid by the Shopper on checkout.
“Merchant Payout Amount” means the total Product Sale Price paid by
the Shopper for all Product items purchased and any manually adjusted amounts
remitted to you by Global-e on behalf of Shopify.
“Permitted Deductions” mean any costs or fees we incur as a result
of rendering the Markets Pro Services with respect to an applicable Customer
Order, including if such costs or fees result from your instructions or
approvals (e.g. subsidies), including but not limited to those related to (i) any applicable fees referenced in Schedule 1 - Pricing
attached hereto; (ii) all costs and expenses for the fulfillment of a Customer
Order including Taxes and any charges relating to export, customs clearance,
transport and delivery, in each case required to be paid as a result of
shipping the Customer Order and any shortfalls between such amount and the
amounts we were instructed to charge the Shopper, and any difference amounts
pursuant to the true-up mechanism outlined in Section 2.4; (iii) non-Covered
Chargebacks; (iv) other fees, amounts or credits relating to returns, refunds,
re-shipments or processing un-deliverables to a Shopper; (v) actual costs
incurred as a result of your election to override any value that modifies
shipping prices, foreign exchange variances arising due to shipment of Products
(and capture) after the rate lock 30-day period expires, (vi) any other charges
made to cover your financial liabilities or negative balance (including
negative balance caused by an insufficient or low Merchant Payout Amount
relative to Permitted Deduction amount) owed to us during the term or
post-termination of these Service Terms; and (vii) any other costs, fees and
expenses included in these Service Terms or set by the Shopify Platform in
connection with the Services.
4.3. The net amount resulting from
deducting the Permitted Deductions from the Merchant Payout Amount, plus any
applicable Taxes, will be paid within three (3) business days following the
date on which the Payout Files were posted.
4.4. You acknowledge that Global-e
is expressly appointed as either yours or Shopify’s agent, as applicable, to
represent either you or Shopify and act on your or Shopify’s behalf, as
applicable, with respect to the payment of any money due to either you or Shopify.
We hereby confirm (and confirm that Shopify has acknowledged and agreed) that
payment of money from you to Global-e for delivery to Shopify satisfies and
discharges your payor obligations to Shopify with respect to money due
hereunder, but for the avoidance of doubt, not with respect to any money
otherwise owed for which you will remain liable to Shopify.
5. MERCHANT UNDERTAKINGS
5.1. You represent, warrant and
undertake that: (i) you have installed, enabled or
activated (and if needed, properly configured) all the relevant and required
Shopify Platform applications in order to receive and use the Markets Pro
Services; (ii) you or if you are an entity, then the person entering in to
these Service Terms on your behalf, are duly authorized and have full legal
capacity to enter into these Service Terms; (iii) no shareholder, board member,
authorized signatory or senior management of Merchant is related to a public
official or their immediate family members, and no shareholder, board member,
authorized signatory or senior management of Merchant has ever been
investigated for, convicted of, fined for, indicted for, or charged with a
criminal offence or regulatory breach, including, without limitation, any
related to bribery or corruption; (iv) you will supply Global-e with Products
to which you have title or other full legal right appropriate for the
performance of these Service Terms and which operate and perform in accordance
with the respective Product specifications (including with respect to the
origin of the products or materials, authenticity and genuineness), and include
proper product labeling, tags, manuals, brochures or certifications, as needed
for the product; (v) all intellectual property rights subsisting in or related
to the Products are and will continue to be your or your licensors’ sole and
exclusive property and you are not aware of any infringement in intellectual
property rights subsisting in the Products; (vi) the sale of the Products to
Shoppers in accordance with these Service Terms will not infringe any rights of
any individual or entity worldwide; (vii) you will provide us only with data
(by any means) or configuration applied by it (including, for example, the price
list, Product catalogue, business rules configurations, etc.) that is accurate,
complete and up-to-date and you will be solely and fully liable for any errors
caused by the inaccuracy or incompleteness of such data; and (viii) you will
not transmit data through the Markets Pro Services that you know or should know
will corrupt or jeopardize our or the Shopify
Platform’s computer systems and/or data.
5.2. You will be solely
responsible for all Product warranties (including warranty of conformity and
warranty for latent defects), and addressing any claims that Shoppers or any
eligible third parties may have relating to the Product including, without
limitation, any claims arising under consumer protection or similar
legislation, and/or any claims that the Product infringes the intellectual
property rights of any third party (including for being fake, counterfeit or of
an unlawful or illegal origin). You will be solely responsible for the
packaging of any items included in the Customer Order.
5.3. Each Party, or anyone acting
on its behalf in connection with procuring, connecting, authorizing
or otherwise operating the Markets Pro Services, has the full power and
authority to execute, deliver and perform this engagement under these Service
Terms. These Service Terms are valid, binding and
enforceable against each Party in accordance with its terms and no provision
requiring a Party’s performance is in conflict with obligations under any
constitutional document, charter or any other agreement (of whatever form or
subject) to which each Party is a party or by which such Party is bound. Each
Party is duly organized, authorized and in good standing under the laws of the
country, region or state of its organization and is duly authorized to do
business in all other states, regions or countries in
which its business makes such authorization necessary or required. In addition,
the person performing the onboarding, app installation or any other pre-service
setup and thus consenting and signing up for the Markets Pro Services will be a
person who is authorized to do so and will be the corresponding person in
connection with the Markets Pro Services. You are liable and responsible for
ensuring that the person’s name and information are true and correct.
5.4. You must have and maintain
general/public liability insurance (including product liability) for a minimum
amount appropriate for your business and scope of trade, for each occurrence,
with insurers of good repute, at your own cost, such insurance to be effective
and valid in all Destinations to which the Products are sold hereunder.
5.5. You must inform Shopify via
your merchant success manager or general support of any change to your
KYC/onboarding statements (or any subsequent statements) with respect to your
beneficiary owners.
6. SERVICE LIMITATIONS
6.1. Global-e will make best
efforts such that each sale, export and if applicable, delivery, of Products to
a Destination comply with the Applicable Laws pertaining to cross-border
personal-import of such Products. “Applicable
Law” means all federal, state, and local laws and regulations, directives
and any other relevant authorities, guidance and requirements applicable to the
Parties’ performance under these Service Terms, including, but not limited to,
as may be applicable, securities laws and regulations, privacy and data
protection laws and regulations, AML, Office of Foreign Assets Control (“OFAC”), and applicable anti-bribery and
anti-corruption laws including the Foreign Corrupt Practices Act.
6.2. Restricted Products. Subject to receiving an accurate, complete and updated catalog, containing adequate product
description and specifications, we will restrict Products, and reserve the
right to decline Customer Orders containing restricted Products (or Products
which Global-e deems to be restricted), in each case, for personal-import or
sale in the Destination. The decision to restrict a Product (or the actual
restriction thereof) will be made based on our best effort best knowledge
basis. If you would like to dispute any
Product restrictions or believe that any Product restrictions have been made in
error, you will have the opportunity to submit supporting documentation or
information. However, we retain final decision-making authority regarding the
Product restriction, and you will not have any claim on that decision or
resulting restriction. We may suspend, reject or
terminate the Markets Pro Services (and terminate these Service Terms), if we
determine that the products, their offering, or the Store are not suitable for
Markets Pro Services or in case we discover a material discrepancy of the
onboarding statements/AML/KYC.
6.3. No Pick-Pack or Parcel Validation. We will not be responsible
for the pick-pack of Products or Customer Orders, and we will not open any
parcel, package or otherwise verify its content or the inclusion of all or some
items, and we will rely solely on you and your reports through the Shopify Platform in
this regard.
6.4. Dangerous Goods. The sale, export or
delivery of Dangerous Goods (as such term is commonly defined by the
international carriers or applicable legislation) using Markets Pro Services is
prohibited, and you will be fully and solely liable in the event that a Product
classified as Dangerous Goods was included or contained in a parcel.
7. TERMINATION; CONSEQUENCES OF TERMINATION
7.1. You may terminate these
Service Terms and the Markets Pro Services hereunder at any time by following
the instructions in the Markets Pro section of your Shopify Admin. Please note that in case of termination under this
Section 7.1, you must take all action in preparation of such effective date of
termination including, without limitation, assuming responsibility and having a
solution in place to handle any Shopper or Customer Order issues. Since we
operate under these Service Terms as ‘merchant-of-record’, you will indemnify
Global-e (and the Shopify Platform if applicable) and hold Global-e harmless
for any Shopper claim or related claims associated with such transition of
service from Global-e to you.
7.2. Each Party shall have the
right to terminate these Service Terms at any time, by written notice to the
other Party, with immediate effect, in any of the following events: (i) winding-up, dissolution or reorganization proceedings
shall be commenced with respect to the other Party, provided that if such
proceedings shall be rescinded within thirty (30) days of their commencement,
such notice of termination shall have no effect; (ii) the other Party shall
substantially cease to carry on business; (iii) a substantial part of the other
Party's assets shall be attached or levied by a court or another official
agency, provided that if such attachment or levy shall be removed within thirty
(30) days, such notice of termination shall have no effect; or (iv) the other
Party shall be in material breach of any of its material obligations under
these Service Terms and such breach shall not be cured within thirty (30) days
after receiving a written notice from the other Party, specifying the breach
and demanding its cessation.
7.3. Upon expiration or effective
date of termination of these Service Terms for any reason, we will cease to
provide the Markets Pro Services and will disable any technology (including
APIs) related to the performance of Markets Pro Services, and all rights or
permissions granted hereunder shall terminate. After expiration or termination
of these Service Terms, you may not use any information, data or document
provided to you, or was obtained or accessed by you, solely in connection with
or through the Services during the term of these Service Terms, except for
storefront, order and Shopper data created or processed by Global-e while
performing the Services.
7.4. All sections of these Service
Terms that by their terms should survive expiration or earlier termination of
these Service Terms shall so survive in accordance with their terms.
7.5. Final reconciliation shall be
made no later than 90 days (but not earlier than 60 days) following the
termination date, allowing all returns, refunds and
Chargebacks liability periods to lapse. Alternatively, you may elect to
reconcile promptly after the termination date, in which case we may withhold up
to 30% of the reconciliation value (at our reasonable discretion) for 90 days
following the termination date to cover liabilities for returns, refunds and
Chargebacks.
8. INTELLECTUAL PROPERTY
8.1. Each Party retains all
intellectual property rights to anything developed by such Party that is
provided to, accessed by, or used by, the other Party under the Service Terms.
Nothing in these Service Terms shall be construed as granting or conferring upon
either Party, whether express or implied, any rights (including all
intellectual property rights) not expressly granted to the other Party herein,
all of which shall be retained by the first Party. The use by a Party of marks,
logos or trademarks (“Marks”), whether registered or not, does not entail any transfer of
ownership, rights or copyrights.
8.2. Neither Party shall
duplicate, alter or modify, access source code, make
derivative works, make public performance or publicly display the technology
underlying the Markets Pro Services or the Store, respectively.
8.3. Nothing contained in these
Service Terms shall restrict Global-e (or any of its affiliates) or the Shopify
Platform from offering and using our respective technologies or know-how or any
other intellectual property for the purpose of providing services similar to
the Markets Pro Services to any other third party.
9. CONFIDENTIALITY
9.1. The Parties undertake to use
the other Party’s Confidential Information solely as necessary for performing
its obligations under the Service Terms and not to disclose Confidential
Information to any third party without the other Party’s written consent. "Confidential Information" means
any information, in whatever form, disclosed or provided by one Party to the
other Party (“Receiving Party”) in
the context of the Service Terms that is not non-confidential information.
Non-confidential information means any information which (a) is or becomes
generally available to the public other than as the result of a disclosure by
the Receiving Party; (b) the Receiving Party can show that it already had in
its possession before it was received; (c) information which the Receiving
Party is obliged to provide in accordance with any Applicable Laws, court order
or decision by a governmental authority; or (d) information which the Receiving
Party has received from a third party without being bound by confidentiality in
relation to it. Confidential Information also refers to third party information
of technical, commercial or other nature unless there
are objective and reasonable grounds to assume that such information is
non-confidential. This provision applies to any information relating to third
parties that you obtain when using the Markets Pro Services, and where the
dissemination of the above mentioned information is
not desired by third parties. Receiving Party may share Confidential
Information with subcontractors, advisors and other
companies within its group where necessary for the provision of the Markets Pro
Services or the performance of these Service Terms provided that such parties
are subject to confidentiality obligations corresponding to those under the
Service Terms.
9.2. Each Party agrees that
monetary damages would be inadequate to compensate the other for breach or
threatened breach of any provision of this Section. Accordingly, in addition to
any other remedies available at law or in equity, the injured party will be entitled
to seek specific performance or injunctive relief (as appropriate) as a remedy
for any breach or threatened breach thereof.
10. LIMITATION OF LIABILITY; INDEMNIFICATION
10.1. Disclaimer. Except to the extent provided otherwise in these Service
Terms, the Markets Pro Services and other items made available by Global-e are
provided on an "as is" and "as available" basis, and all
express, implied and statutory warranties and conditions (including without
limitation any implied warranties or conditions of merchantability,
satisfactory quality, fitness for a particular purpose, non-infringement, or
quality of service, or that otherwise arise from a course of performance or
usage of trade) are hereby disclaimed. Except to the extent provided otherwise
in these Service Terms, Global-e does not make any representation, warranty,
guarantee or condition regarding the effectiveness, usefulness, reliability,
completeness, or quality of the Markets Pro Services or such other items,
services or that the provision or use thereof will be uninterrupted, secure,
error-free, or will otherwise generate revenue or meet your needs.
10.2. LIMITATION OF LIABILITY. IN NO EVENT WILL WE, SHOPIFY OR ANY
OF OUR RESPECTIVE AFFILIATES BE LIABLE UNDER, OR OTHERWISE IN CONNECTION WITH,
THESE SERVICE TERMS FOR: (A) ANY INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL
DAMAGES, (B) ANY LOSS OF PROFITS, ANTICIPATED SAVINGS, BUSINESS, OR REVENUE,
(C) ANY LOSS OF, OR DAMAGE TO, DATA, REPUTATION, OR GOODWILL, AND/OR (D) THE
COST OF PROCURING ANY SUBSTITUTE GOODS OR SERVICES. THE FOREGOING LIMITATIONS
SHALL APPLY TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, AND: (A) EVEN IF
YOU HAVE BEEN ADVISED, OR SHOULD HAVE BEEN AWARE, OF THE POSSIBILITY OF LOSSES,
DAMAGES, OR COSTS; (B) EVEN IF ANY REMEDY IN THESE SERVICE TERMS FAILS OF ITS
ESSENTIAL PURPOSE; AND (C) REGARDLESS OF THE THEORY OF LIABILITY (INCLUDING,
WITHOUT LIMITATION, BREACH OF CONTRACT, TORT, NEGLIGENCE OR STRICT LIABILITY).
OUR AND OUR AFFILIATES’ AGGREGATE LIABILITY UNDER, OR OTHERWISE IN CONNECTION
WITH, THESE TERMS, SHALL NOT EXCEED THE AMOUNTS OF FEES PAID OR PAYABLE TO
GLOBAL-E PURSUANT TO THESE TERMS IN THE TWELVE (12) MONTHS IMMEDIATELY PRIOR TO
THE EVENT GIVING RISE TO SUCH LIABILITY.
10.3. Indemnification. You will indemnify, defend and hold harmless
Global-e and its affiliates and each of their respective officers, directors,
employees, agents, representatives, successors, and assigns from and against
any and all third party claims, causes of action, suits, liabilities, damages,
fines, penalties, costs and expenses (including, without limitation, outside
attorney’s fees and costs) (each a “Claim”)
arising from or in connection with (i) your breach of
any of the obligations, representations, warranties or undertakings set forth
in these Service Terms; (ii) Merchant’s negligence or willful misconduct in
connection with these Service Terms; or (iii) death, bodily harm or tangible
property damage caused by a Product sold by Global-e hereunder. If Global-e receives
notice or knowledge of a claim as described above, it will promptly notify
Merchant in writing and give Merchant assistance and the exclusive authority to
control the defense and settle such claim. Global-e will have the right to
participate in the defense with counsel of its choice at its own expense.
11. GENERAL CONDITIONS
11.1. We are committed to render
the Markets Pro Services and carry on business in accordance with our Code of
Conduct (available here: Global-e Code of Conduct). We also require our
vendors, sub-contractors and service providers to act in accordance with the
Vendor Code of Conduct (available here: Vendor Code of Conduct). You are therefore required
to act under these Service Terms in accordance with the moral and ethical
values of such policies and codes, and you will take such actions required to
ascertain that your employees and service providers involved in the performance
of these Service Terms will adhere to the same philosophy and values for the
management of their own companies/vendors.
11.2. Neither Party will be
responsible for any failure or delay in its performance under these Service
Terms (except for any payment obligations) due to causes beyond its reasonable
control, including, but not limited to, labor disputes, strikes, lockouts, shortages
of or inability to obtain labor, energy, raw materials or supplies, war,
terrorism, riot, acts of God or governmental action (in each case to the extent
beyond its reasonable control).
11.3. These Service Terms are
governed by and shall be construed in accordance with the laws of the State of
Delaware. Non-contractual obligations (if any) arising out of or in connection
with these Service Terms (including its formation) shall also be governed by
the laws of the State of Delaware. The Parties submit to the exclusive
jurisdiction of the courts located in Wilmington, Delaware and each party
hereby irrevocably submits to the personal jurisdiction of such courts and
waives any jurisdictional, venue, or inconvenient forum objections to such
courts. Notwithstanding the foregoing, Global-e may seek injunctive relief in
any court worldwide that has competent jurisdiction. The United Nations
Convention on Contracts for the International Sale of Goods is hereby
disclaimed.
11.4. The Parties hereby agree to
the fullest extent permitted by Applicable Law, that each of them irrevocably
waives all right to trial by jury as to any issue relating hereto in any
action, proceeding, or counterclaim arising out of or relating to these Service
Terms.
11.5. All notices, consents and
other communications required or permitted to be given under these Service
Terms will be in writing and delivered by email transmission, by courier or
overnight delivery service, or by certified mail, and in each instance will be
deemed given upon receipt. All communications will be sent to the addresses set
forth above or to such other address as may be specified by either Party to the
other Party in accordance with this section.
11.6. Neither Party may assign
these Service Terms without the prior written consent of the non-assigning
Party. Notwithstanding the foregoing, these Service Terms may be freely
assigned by either Party without the consent of the other Party in the context
of: (a) a reorganization, consolidation, merger, acquisition or sale or other
disposition of substantially all of the assets of a Party; or (b) a transfer of
more than fifty percent (50%) of the voting rights of a Party to an Affiliate.
Any assignment in violation of this provision will be invalid. These Service
Terms will be binding upon, enforceable by and benefit the Parties and their
respective successors and assigns. "Affiliate" shall mean any
individual or entity that, at the applicable time, directly or indirectly
controls, is controlled with or by or is under common control with, a Party.
11.7. These Service Terms together
with the schedules and appendices hereto constitute complete and exclusive
agreement between the Parties concerning its subject matter and supersedes all
prior or contemporaneous agreements or understandings, written or oral,
concerning the subject matter of these Service Terms. In case of any conflicts
between any of the terms of the sections of these Service Terms and the
attached Exhibits and Schedules, the terms and conditions of these Service
Terms shall prevail. These Service Terms may not be modified or amended except
in writing signed by a duly authorized representative of each Party or
otherwise in accordance with the terms of these Service Terms. If any provision
of these Service Terms is held to be invalid or unenforceable, the remainder
will remain in full force and effect. The waiver by either Party of any default
or breach of these Service Terms will not constitute a waiver of any other or
subsequent default or breach.
11.8. Nothing contained in these
Service Terms is intended, or shall be interpreted or
construed to create or establish a franchise. If any provision of these Service
Terms is deemed to create a franchise relationship between the Parties, then
the Parties shall negotiate in good faith to modify these Service Terms to
affect the Parties’ original intent as closely as possible in a mutually
acceptable manner so that the transactions contemplated hereby are consummated
as a vendor agreement and not as a franchise agreement.
11.9. Nothing herein contained
shall be construed to constitute a joint venture or partnership between the
Parties.
11.10.Global-e will be an
independent contractor, and its employees and/or other personnel will not be
deemed to be your employees or personnel.
11.11.The titles of the sections of
these Service Terms are for convenience of reference only and are not to be
considered in construing these Service Terms. Unless the context of these
Service Terms clearly requires otherwise: (i)
references to the plural include the singular, the singular the plural, and the
part the whole, (ii) references to one gender include all genders, (iii)
"or" has the inclusive meaning frequently identified with the phrase
"and/or," (iv) "including" has the inclusive meaning
frequently identified with the phrase "including but not limited to"
or "including without limitation," (v) references to
"hereunder," "herein" or "hereof" relate to these
Service Terms as a whole, (vi) the term "days" refers to calendar
days and not business days, unless expressly noted and (vii) all monetary
amounts are stated (and paid) in USD unless otherwise is clearly indicated and
agreed. The Parties agree that these Service Terms shall be fairly interpreted
in accordance with its terms without any strict construction in favor of or
against either Party, and that ambiguities shall not
be interpreted against the drafting Party.
12. GLOBAL-E CONTRACTING PARTY
For purposes of these Service Terms, the Global-e contracting party is
Flow Commerce Inc., d/b/a Global-e, a Delaware Corporation, with offices
located at 200 West 41st Street New York, New York 10036. Certain features of
the Markets Pro Services may be performed by other Global-e group-entities, to
which we will remain fully liable and responsible as if such group entity was
the contracting party under these Service Terms.
SCHEDULE 1 – PRICING
Pricing
●
The Shopify Markets Pro Fee is
calculated as 6.5% of the Total Order Value of a Customer Order.
●
The Currency Conversion Fee* is
calculated as 2.5% of the Total Order Value of
a Customer Order. Please review your
Shopify Admin for specific details regarding any Currency Conversion Fee
Please
note that shipping label fees will be charged separately.
The Markets Pro Services
include:
● Global-e acting
as merchant of record and exporter of record as described in these Service
Terms.
● Classification of
your product catalog in order to identify any Product regulatory-restrictions
in accordance with applicable laws, regulations and orders pertaining to
personal-import of such Products and restrict the sale of such Products.
● Customer Order
payment processing via supported payment service providers using payment
methods supported (please refer to this page**), using, if
applicable, local acquiring. Additional charges may apply for certain buy now
pay later payment methods, if enabled.
● Fraud detection
and protection (credit cards) as described in the Service Terms.
● Guaranteed Taxes
and Duties calculation as described in the Service Terms.
● Shipping label
& commercial invoice generation as described in the Service Terms.
● Access to Duties
Prepaid shipping at negotiated rates.
* Currency Conversion Fee contemplates the following:
-
24 hour lock on the
syndicated exchange rate of the day used for pricing, regardless of market
movement.
-
30 day hedge from
authorization to protect against fluctuations between order placement,
shipment, return, and refund, to help you avoid losses resulting from currency
value fluctuations during such time period.
** Additional Payment Methods may be added
from time to time at our sole discretion
Data Processing Addendum
About
this document:
This Data Processing
Addendum (hereafter the “Addendum”
or “DPA”) is a set of data processing clauses that will determine how the
Contracting Party of the Global-e group (as defined in Section 12 hereof) (“Global-e” or “we”
or “us”) carry out the sharing (with you and third parties) and the
processing of Personal Data (as defined below) in accordance with applicable Data Protection Laws (as
defined below).
This Addendum amends and addends the Service Terms between us
and you (each
shall be referred to herein as a “Party” and together, the “Parties”), and is
incorporated into the Service Terms by refences.
1.
DEFINITIONS
a.
“Affiliate” means any entity
that directly or indirectly controls, is controlled by, or is under common control with the
subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50%
of the voting
interests of the subject
entity.
b.
“CCPA” means the California Consumer Privacy Act of 2018, Cal.
Civ. §§ 1798.100 et. seq.
c.
The terms, "Controller", "Member
State", "Processor", “Sub-processor”,
"Processing" and "Supervisory Authority"
“Personal Data Breach” shall have the same meaning as in the GDPR. The
terms “Business”, “Business Purpose”, “Consumer”
and “Service Provider” shall have the same meaning as in the
CCPA.
d.
For
the purpose of clarity, within this DPA “Controller”
shall also mean “Business”, and “Processor” shall also mean “Service
Provider”, to the extent the CCPA
applies.
e.
“Data Protection Laws” means all applicable and binding privacy and data protection laws and regulations, including such laws and regulations as applicable to the Processing of the Shared Personal
Data under the Service Terms including (without limitation) the GDPR, the UK GDPR, and the CCPA, as applicable
to the Parties in relation to the Shared Personal Data hereunder and in effect
at the time of the Parties’ performance hereunder.
f.
“Data Subject” means the identified or identifiable person to whom
the Personal Data relates.
g.
“GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal
data and on the free movement of such data, and repealing
Directive 95/46/EC
(General Data Protection Regulation).
h.
“Personal Data” or “Personal
Information” means any information that
identifies, relates to, describes, is capable of being associated with, or
could reasonably be linked, directly
or indirectly, to or with an identified
or identifiable natural person or
Consumer, which is processed by a Party, under this DPA and the Service Terms.
i.
“Shared
Personal Data” means the Personal Data shared by Global-e with you or shared by you with
Global-e under the Service Terms
and this DPA as
further detailed in Schedule 1 attached hereto.
j.
“Standard
Contractual Clauses” shall mean
the Standard Contractual Clauses set out in the Annex of Commission Implementing Decision (EU)
2021/914 of 4 June 2021.
k.
"UK
GDPR" means the Data Protection Act 2018, as well as the GDPR as it forms part of the law of England
and Wales, Scotland
and Northern Ireland by virtue of section 3 of the European Union (Withdrawal)
Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications
(Amendments etc.) (EU Exit) Regulations 2019 (SI 2019/419).
2. PROCESSING OF PERSONAL DATA
a.
Roles of the Parties. The Parties acknowledge and agree that with regard to
the Shared Personal Data, each Party will act as separate and independent Data
Controllers. The Parties acknowledge and agree that they will not be joint or ‘co’
controllers (as defined in the GDPR) with respect to the Shared Personal Data.
b.
Notice
and Legal Basis. Each party shall ensure that it has legitimate
grounds under the Data Protection Legislation for the Processing of Shared
Personal Data. Global-e undertakes to inform the Data Subjects, in accordance
with the Data Protection Law, of the purposes for which it will process their
Personal Data, the legal basis for such purposes and such other information as
is required by the Data Protection Law including (i) if Shared Personal Data will be transferred to a
third party, that fact and sufficient information about such transfer and the
purpose of such transfer to enable the Data Subject to understand the purpose
and risks of such transfer; and (ii) if Shared Personal Data will be transferred outside the UK or EEA, that
fact and sufficient information about such transfer, the purpose of such
transfer and the safeguards put in place to enable the Data Subject to
understand the purpose and risks of such transfer.
c.
The Parties’ Processing of
Shared Personal Data. When Processing the Shared
Personal Data under the Service Terms and this DPA, each Party shall Process the Shared Personal Data solely for the following
purposes: (i) Processing in accordance with the Service Terms and
this DPA; and (ii) Processing as allowed or required under applicable Data Protection Laws. Notwithstanding the above, the Parties may use the Shared Personal
Data for their own purpose provided that, the appropriate legal basis and any
other requirements under applicable Data Protection Laws required for such
additional Processing activities have been established by the Party prior to
the execution of such additional Processing activities. Without prejudice to
the legitimate interest as a data controller, Global-e, as data controller, is
deemed to have a legitimate interest and business purpose or rely on consent (where
required by Data Protection Law) in
processing Personal Data to (list non-exhaustive): (i)
provide aggregated and statistical information and analyze trends; (ii) enhance
and improve Global-e’s current services and develop new ones, including
undertaking internal research for technological development and demonstration,
and activities to verify or maintain the quality or safety of a service or
device that is owned, manufactured, manufactured for, or controlled by
Global-e, and to improve, upgrade, or enhance the service or device that is
owned, manufactured, manufactured for, or controlled by Global-e; (iii) manage
information security, including debugging to identify and repair errors that impair
existing intended functionality; (iv) prevent fraud and detect security
incidents, protecting against malicious, deceptive, or illegal activity, and
prosecuting those responsible for that activity; (v) handle disputes with
Merchants, Shoppers and third-parties; (vi) handle Shopper complaints and
assist Merchants handling same; (vii) demonstrate compliance with Data
Protection Legislation; (viii) transfer data between its group companies; (ix)
performing services including maintaining or servicing accounts, providing
customer service, processing or fulfilling orders and transactions, verifying
customer information, processing payments, providing financing, engage in advertising or marketing including by way of
e-marketing, providing
analytic services, or providing similar services.
3. COMPLIANCE WITH DATA
PROTECTION LAWS
Without derogating from the foregoing, each Party shall be
responsible independently and separately for complying with the obligations
that apply to it as a Data Controller under Data Protection Laws, including
with regards to the Shared Personal Data.
4. DATA SUBJECT RIGHTS
Taking into account the nature of
the Processing, the Parties each agree to provide such assistance as is
reasonably required and requested by the other Party to enable it to comply
with requests received from Data Subjects to exercise their rights under Data
Protection Laws with respect to the Shared Personal Data, within the time
limits imposed by the Data Protection Law pursuant to which the Data Subject
Request was made. Each Party is responsible for maintaining records of Data
Subject Requests it receives and the decisions made with respect thereto, as
required under Data Protection Laws.
5. SECURITY
a.
Each Party shall have implemented and will maintain,
appropriate technical and organizational measures for
the protection of the Shared Personal Data Processed
hereunder as required by Data Protection Laws (including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to Shared
Personal Data, confidentiality and integrity of the
Shared Personal Data). Global-e’s current technical and organizational measures (‘TOMs’) are listed in Annex A hereto.
b.
Without derogating from the foregoing, each Party shall be responsible to
comply with security requirements that apply to it as a Data
Controller under Data Protection laws, including with regards
to the Shared Personal Data.
6. CONFIDENTIALITY
The
Parties shall ensure that Personal Data is kept confidential
and their personnel, advisors, and sub-processors engaged in the
Processing of Shared Personal Data have committed themselves to
confidentiality.
7. PERSONNEL
a.
Each
Party shall take reasonable steps to ensure the reliability of staff and
advisors who may have access to Shared Personal Data, prior to allowing them
such access. If an individual is not suited to access Shared Personal Data, then the Party shall not
provide such individual with access to Shared Personal Data.
b.
Each
Party shall ensure that all its staff: (i) has such
access only as necessary for the purposes as determined herein and by each Part
separately; (ii) are contractually bound to confidentiality requirements no less onerous than in
this DPA and the Service Terms ; (iii) are provided with appropriate privacy
and security training, at least annually; (iv) are informed of the confidential
nature of the Shared Personal Data, and required to keep it confidential; and
(v) are aware of their Party’s duties and obligations under this DPA and the
Service Terms .
8. DATA INCIDENT MANAGEMENT AND NOTIFICATION
a.
Each Party shall:
i.
without undue delay, notify the other party of the
existence, nature and scope of any Personal Data Breach affecting Shared
Personal Data; in any case within a sufficient timeframe to enable the other
Party to comply with their respective obligations (if any) to make
notification(s) of the Personal Data Breach under Data Protection Laws;
ii.
comply with its obligations under applicable Data
Protection Laws in respect of all Personal Data Breaches affecting Shared
Personal Data;
iii.
without undue delay, notify the other party of the
existence of any requests for disclosure of the
Shared Personal Data by a Supervisory Authority and/or any other law enforcement
authority or court unless prohibited under criminal law specifically requiring
the disclosing Party to preserve the confidentiality of a law enforcement
investigation against the other Party.
iv.
not make,
disclose, release or publish any finding, admission of liability,
communication, notice, press release or report concerning any Personal Data Breach or disclosure request
which directly or indirectly identifies the other Party (including in any legal
proceeding or in any notification to regulatory or supervisory
authorities or affected individuals) without the other Party’s prior written approval, unless, and solely to the extent that, the disclosing Party is
compelled to do so pursuant to applicable Data Protection Laws. In the latter
case, unless prohibited by such laws, the disclosing Party shall provide the
other Party with reasonable prior written notice to provide the other Party
with the opportunity to object to such disclosure and in any case the
disclosing Party shall limit the disclosure to the minimum scope required.
9. CROSS BORDER TRANSFERS
a.
Transfers from the EEA, Switzerland and the United Kingdom to countries
that offer adequate level of data protection. Personal Data may be
transferred from EU Member States, the three EEA member countries (Norway,
Liechtenstein and Iceland) (collectively, “EEA”),
Switzerland and the United Kingdom (“UK”)
to countries that offer an adequate level of data protection under or pursuant
to the adequacy decisions published
by the relevant data protection authorities
of the EEA, the European Union, the Member States or the European Commission,
Switzerland, and/or the UK as relevant (“Adequacy
Decisions”), as applicable, without any further safeguards being necessary.
b.
Transfers from the EEA, Switzerland and the
United Kingdom to other countries. If the Parties’ processing of the Shared
Personal Data under this DPA includes a transfer (either directly or via an
onward transfer):
i.
From the EEA or Switzerland to other countries which have not been
subject to a relevant Adequacy Decision, and such transfers are not performed through an
alternative recognized compliance mechanism for the lawful transfer of
personal data (as defined in the GDPR) outside the EEA or Switzerland (“EEA
Transfer”), the terms set forth in Part 1 of Schedule 2
(EEA Cross Border Transfers) shall apply;
ii.
From the UK to other countries which have not been subject to a relevant
Adequacy Decision, and such transfers are not performed through an alternative recognized
compliance mechanism for the lawful transfer of personal data (as defined in
the UK GDPR) outside the UK (“UK Transfer”), the terms set forth in Part
2 of Schedule 2 (UK Cross Border Transfers) shall apply;
iii.
the terms set forth in Part 3 of Schedule
2 (Additional Safeguards) shall apply to an EEA Transfer and a UK
Transfer.
10.
Whenever reasonable collaboration or assistance between
the Parties is necessary in order for one or both of the Parties to comply
with any of its obligations, under the applicable Data Protection Laws (e.g.,
obligations on accountability, obligations related to Data Subject requests,
obligations around cross-border transfers of Personal Data, obligations related
to supervisory authority requests), such reasonable collaboration or assistance will be provided
in good faith.
11.
This Addendum reflects the only provisions existing between Global-e
and you on the use of
Shared Personal Data
in relation to the performance of the Services, and supersedes any prior
agreements or understandings entered into between the
Parties on this subject.
12.
For purposes of this DPA,
the Global-e Contracting Party is Flow Commerce Inc., d/b/a Global-e, a
Delaware Corporation, with offices located at 200 West 41st Street New York,
New York 10036.
SCHEDULE 1 - DETAILS OF THE SHARED
PERSONAL DATA
Categories of Data
Subjects:
Consumers shopping on e-commerce
websites and navigating through the Global-e platforms (Shoppers as defined in the
Service Terms), and as described in the Service Terms
Type of Personal Data to be shared: Names, title, addresses,
telephone numbers, nationality, account numbers, email address, phone numbers,
and additional data required for shipment clearance as per local regulations,
or otherwise to lawfully provide the Services (e.g., national ID number /
document copies), and transaction information on the basis that this is
necessary for the performance of the sales contract to which the Shopper is
part, and as described in the Service Terms.
Special/ Sensitive category data: N/A
Purpose: To allow for the lawful
provision of the Services, under the Service Terms, and in addition:
·
provide aggregated and statistical information and analyze Shopper trends;
·
enhance and improve Global-e’s current services and develop new ones,
including undertaking internal research for technological development and
demonstration, and activities to verify or maintain the quality or safety of a
service or device that is owned, manufactured, manufactured for, or controlled
by Global-e, and to improve, upgrade, or enhance the service or device that is
owned, manufactured, manufactured for, or controlled by Global-e;
·
manage information security, including debugging to identify and repair
errors that impair existing intended functionality;
·
prevent fraud and detect security incidents, protecting against
malicious, deceptive, or illegal activity, and prosecuting those responsible
for that activity;
·
handle disputes with Merchants, Shoppers and third-parties;
·
handle Shopper complaints and assist Merchants handling same;
·
demonstrate compliance with Data Protection Legislation;
·
transfer data between its group companies;
·
performing services including maintaining or servicing accounts,
providing customer service, processing or fulfilling
orders and transactions, verifying customer information, processing payments,
providing financing, engage in advertising or marketing including by way of
e-marketing,
providing analytic services, or providing similar services.
And all such other
purposes described in each Party’s Privacy Policy and in the Service Terms.
Recipients. The personal data
transferred may be disclosed only to the following recipients or categories of
recipients: Other Global-e Group affiliates or external subcontractors (as
necessary to manage the provision of the Services and ensure the cross-border
delivery of Services), screening providers and competent public authorities or
bodies (where required to lawfully provide the Services).
SCHEDULE 2 – CROSS BORDER TRANSFERS
1.
PART 1 – EEA Transfers
1.1.
The Parties agree that the terms of the
Standard Contractual Clauses are hereby incorporated by reference and shall apply
to an EEA Transfer.
1.2.
Module One (Controller to Controller) of the
Standard Contractual Clauses shall apply where the EEA Transfer is effectuated
by Global-e as
an independent and separate data controller of the Shared Personal Data to the
Merchant as an independent and separate data controller of the Shared Personal
Data.
1.3.
Clause 7 of the Standard Contractual Clauses
(Docking Clause) shall not apply.
1.4.
In Clause 11 of the Standard Contractual
Clauses, the optional language will not apply.
1.5.
With respect to Clause 17 of the Standard
Contractual Clauses the Parties agree that the Standard Contractual Clauses
shall be governed by the laws of the Republic of Ireland.
1.6.
In Clause 18(b) of the Standard Contractual
Clauses, disputes will be resolved before the courts of the Republic of
Ireland.
1.7.
Annex I.A of the Standard Contractual Clauses
shall be completed as follows:
Data
Exporter: Flow Commerce Inc., d/b/a Global-e
Contact
details: As detailed in the Service Terms.
Data
Exporter Role:
Module
One: The Data Exporter is an independent and separate data controller.
Signature and Date: By entering into the Service Terms and DPA, Data Exporter is
deemed to have signed these Standard Contractual Clauses incorporated herein,
including their Annexes, as of the Effective Date of the Service Terms.
Data
Importer: you
Contact
details: As detailed in the Service Terms.
Data
Importer Role:
Module
One: The Data Importer is an independent and separate data controller.
Signature and Date: By entering into the Service Terms and DPA, Data Importer is
deemed to have signed these Standard Contractual Clauses, incorporated herein,
including their Annexes, as of the Effective Date of the Service Terms.
1.8.
Annex I.B of the Standard Contractual Clauses
shall be completed as follows:
1.8.1.
The categories of data subjects are described
in Schedule 1 (Details of Processing) of this DPA.
1.8.2.
The categories of personal data are described
in Schedule 1 (Details of Processing) of this DPA.
1.8.3.
The frequency of the transfer is a continuous
basis for the duration of the Service Terms.
1.8.4.
The nature of the processing is described in Schedule
1 (Details of Processing) of this DPA.
1.8.5.
The purpose of the processing is described in
Schedule 1 (Details of Processing) of this DPA.
1.8.6.
The period for which the personal data will
be retained is for the duration of the Service Terms, unless agreed otherwise
between the Parties.
1.8.7.
To the extent applicable, the subject matter,
nature, and duration of the processing of transfers to Sub-processors, shall be
set forth in Schedule 1 (Details of Processing) of this DPA.
1.9.
Annex I.C of the Standard Contractual Clauses
shall be completed as follows:
1.9.1.
The competent supervisory authority in
accordance with Clause 13 is the supervisory authority in the Member State
stipulated in Section 5 above.
1.10.
The security measures set forth in Section 5
of the DPA shall serve as Annex II of the Standard Contractual Clauses.
1.11.
To the extent there is any conflict between
the Standard Contractual Clauses and any other terms in this DPA or the Service
Terms, the provisions of the Standard Contractual Clauses will prevail.
2.
PART 2 – UK Transfers
2.1. The Parties
have agreed that the Standard Data Protection Clauses issued by the Information
Commissioners Office under S119A(1) Data Protection Act 2018 (“UK
Addendum") (found here) are hereby
incorporated by reference and shall apply to a UK Transfer.
2.2. The UK
Addendum is hereby incorporated by reference:
a.
Table 1: The Parties: as detailed in the
Service Terms.
b.
Table 2: Selected SCCs, Modules and Selected
Clauses: as detailed in Part 1.
c.
Table 3: Appendix Information: as set out in
the Annexes to Part 1.
3.
PART 3 – Additional Safeguards
3.1. In the event
of an EEA Transfer or a UK Transfer, the Parties agree to supplement these with
the following safeguards and representations, where appropriate:
3.1.1.
The Data Importer shall
have in place and maintain in accordance with good industry practice measures to protect the Personal Data from
interception (including in transit from the Data Exporter to the Data Importer
and between different systems and services). This includes having in place and
maintaining network protection intended to deny attackers the ability to
intercept data and encryption of Personal Data whilst in transit and at rest
intended to deny attackers the ability to read data.
3.1.2.
The Data Importer will
make commercially reasonable efforts to resist, subject to applicable laws, any request for bulk surveillance relating to the
Personal Data protected under GDPR or the UK GDPR, including under section 702
of the United States Foreign Intelligence Surveillance Act (“FISA”);
3.1.3.
If the Data Importer
becomes aware that any government authority (including law enforcement) wishes to obtain access to or a copy of some or all of the Personal Data, whether on a voluntary or a
mandatory basis, then unless legally prohibited or under a mandatory legal
compulsion that requires otherwise:
i. The Data Importer shall inform Data Exporter in writing;
ii. The Data Importer will use commercially reasonable
legal mechanisms to challenge any such demand for access to Personal Data which
is under the Data Importer’s control and notify the Data Exporter, immediately
after first becoming aware of such demand for access and provide the Data
Exporter with all relevant details of the same, unless and to the extent
legally prohibited to do so.
3.2. Once in every 12-month period, the Data Importer will
inform the Data Exporter, at the Data Exporter’s written request, of the types
of binding legal demands for Personal Data it has received and solely to the
extent such demands have been received, including national security orders and
directives, which shall encompass any process issued under section 702 of FISA.
In the event of an EEA Transfer or a UK Transfer, the Parties agree to have in place and maintain in accordance
with good industry practice measures to protect the Shared Personal Data from
interception (including in transit from Data Exporter to Data Importer and
between different systems and services).
Annex A - Technical and Organizational Measures
Considering the nature, scope, context and purposes of Global-e’s
processing activities and the risk for the rights and freedoms of natural persons,
the following is a description of the elements that are essential to the level
of security applied to such processing.
Ensuring Ongoing Confidentiality, Integrity, Availability
and Resilience of Processing Systems and Services
Cyber security is strongly incorporated into
Global-e’s DNA. Processing personal data is core function of Global-e’s
service. Therefore, we pay significate attention to protect sensitive data. All
sensitive costumer data reside solely on AWS servers. Storage of sensitive data
on end-points devices, print copies and mass storage devices is forbidden and
controlled accordingly. Standard Integration with your website
usually done via iframes and API calls.
Data coming from your side is transferred to Global-e servers, encrypted at the
application layer and stored immediately in the
database. Data in transmitting is encrypted using TLS 1.2 and above.
Global-e production environment is protected
by several security layers and countermeasures, such as: Firewall UTM, CloudFlare Anti-DDOS and WAF, EDR etc.
Systems and servers
undergo backup daily.
Even-though
no sensitive data reside on workstations, endpoints are part of company domain, hardened and controlled
using Intune.
All information systems
are patched monthly
after sufficient testing,
or ad-hoc manner when a
specific critical vulnerability that affects the systems is announced. Security
audits and penetration tests are done quarterly by external Independent security companies.
Access and permissions are granted according to the principle
of least privilege
after strong business justification and are fully monitored.
Ability to Restore
the Availability and Access to Personal Data in a Timely Manner
in the Event of a Physical or Technical Incident
RPO set to less than 24 hours
in total data loss scenario. RTO is set to couple of hours
from total system wipe.
For DR, Global-e
maintains two environments in AWS, one in Frankfort and one in Ireland. In crisis, Global-e has necessary policies
and procedure for incident handling. Global-e
holds applicative and infrastructural backups at several different levels.
At the code level, every project or change in
a project are backed up continuously. At the application level, builds are
backed up in 2 different regions (main and DR). At the server level, every
production server is fully backed up once or twice a week (depends on the amount of changes running in each server).
From the infrastructure point of view, there
are a few levels of backup and redundancy, the first one is at the network level,
each product is distributed on Multi-Availability zone to support infrastructure
dysconnectivity on the zone level, in addition, each application deployment is
also deployed to a similar role server that serves similar applications and able to be used as a backup based
on a decision. The last
option is global-e's DR Site. The DR site receives code deploy
approximately 24 hours after code has
been deployed successfully to the main site.
All the processes
mentioned above, including a full transition to the DR site, are fully
automated (at the execution script level, not at the decision-making level) and tested
at least once a year.
Processes for Regularly Testing, Assessing and Evaluating
the Effectiveness of Technical and Organizational Measures for Ensuring the
Security of The Processing
To ensure compliance with relevant
legislation and regulation, Global-e conducts annual
security audit performed by external auditor, aimed specifically to data
processing. to make sure perfect alignment with GDPR and applicable laws.
External penetration testing is done on
quarterly basis. Additionally, a general security audit is performed annually.
Findings and relevant improvements are evaluated and addressed accordingly.
Users Identification and Authorization – Access Management
Global-e corporate network
is managed using AzureAD and Intune.
All workstations are part of
the domain and controlled accordingly. A rigors password policy is in place. Users permissions are granted against business
justification. By default, users do
not have administrative rights on their computers.
Access to production environment is strictly
controlled, granted upon specific request and strong justification. Access to
production and/or production related systems requires two factor
authentication.
Access to client’s
data is done via Global-e
Administration interface. This interface is a dedicated web portal allowing
your access to data and configuration. Upon access the relevant data is retrieved from the database
and decrypted on-the-fly by the application.
Access to admin interface is restricted by
credentials provided to your POC. Internally,
access to admin interface is minimized to only employees
who are responsible for costumer
operations and technical
support. Credentials are provided
only after proving of business
justification and are minimized to least privileges and need-to-know basis. Access
to admin interface
is restricted, controlled and monitored.
Protection of Data During Transmission and at Rest
Data in motion - All Global-e interfaces are
encrypted using TLS 1.2 or above with best available ciphers. Data at rest -
Data at rest is stored encrypted using AES 256. A unique encryption key is
assigned for each merchant.
Physical Security of Locations at which Personal
Data are Processed
Company’s platform is hosted on AWS cloud
infrastructure, and as part of the organizational policies, customer data is
not stored at Company’s offices or in any location except for Global-e
cloud-based production environment.
Events Logging
and Reporting
All information systems
produce logs for security, it and application events.
Security related logs are being collected by dedicated server (IBM Qroc Event collector) and transmitted to MSSP who provide Global-e with 24/7/365 SOC service. Additional copy of all logs is stored
in security data lake. Alongside
security monitoring logs are
also collected for infrastructure monitoring and costumer experience
monitoring. In addition to security logs, all the infrastructure monitoring logs and application logs are being collected in a central
ELK system that creates relevant alerts and reports and being handled by
24/7/365 NOC Team.
System Configuration, Including
Default Configuration
Global-e infrastructure in all its parts is
hosted by AWS and takes advantage of all technological solutions of working
in the cloud. Although our infrastructure is multi-
tenant infrastructure, we have complete separation backed by different
encryptions for each merchant that does not allow information to leak between
merchants. In addition, the entire infrastructure is distributed in a Multi AZ
structure with only local subnets and all outgoing
or incoming communications are monitored by a UTM in addition to a WAF solution that
filters any unapproved access.
Internal IT and IT security governance and managements /
certification / assurance of processes and products
Global-e has an ISMS in place to evaluate cyber security based risks to the company and its data assets. Company’s
information security framework designed and implemented according to industries
best practice, costumers’ requirements, contractual obligations
and applicable legislation. Global-e is PCI-DSS level 1 certified, and in the
process of ISO 27001 and SOC2 certifications.
Global-e annual security plan is led by company’s CISO and overseeing by
management bord.
Data Avoidance and Minimization
While conducting online purchase costumers
are required to provide data relevant to allow successful delivery. This data includes: Full name, address, phone number, email address
and IP address.
Credit card data is provided by the user to
complete the order. According with PCI DSS directives, this data is not stored
on Global-e’s systems
and transmitted directly to relevant payment provider. To
allow resolution of injuries first six and last four digits of card number are
stored alongside order number. To comply with PCI DSS, this data (although allowed
by the standard) is stored
in a dedicated highly protected database. Data retention policy
indicates that PII data will be stored
for a year to allow
inquiries and customer support. To balance GDPR and HMRC regulation,
after a year period PII data is truncated and moved to a different database.
Thus, accessing data older than a year will display only technical data without
PII.
Data Retention
Data retention policy
indicates that PII data will be stored
for a year to allow inquiries
and customer support. To balance GDPR and HMRC regulation, after a year period
PII data is truncated and moved to a different database. Thus, accessing data
older than a year will display
only technical data without PII, and full access to data will be
subject to a strict approval process under DPO scrutiny.
Accountability
Company has in place policies and procedures
containing formal instructions for data processing procedures; Contractors are being carefully vetted with regard to data security; Company personnel is being
trained periodically to maintain awareness regarding data protection and
security requirements.
Data Portability and Data
Disposal
As stated above, all Global-e information
systems reside on cloud, therefore no digital
or physical devices
are kept on-prem.
The storage of PII data,
or any company data is done solely in the cloud; the storage of data
on workstations is strictly forbidden. Data retention policy indicates that PII data will be stored for a year to allow inquiries
and customer support. To balance GDPR and HMRC regulation, after a year period
PII data is truncated and moved to a different database. Thus, accessing data
older than a year will display only technical data without PII.
Personnel
Talent acquisition process is conducted
through a carefully crafted HR process. Manning a position requires the
involvement of at least three different people: The recruiting manager, HRBP,
VP of HR, and recruiting managers’ supervisor. Part of pre-employment screening
includes relevant background checks (subjected to local regulation), and
reference check. All employees are required to sign Non discloser Agreement
(NDA) as part of
standard employment contract. The on-boarding process include written short security
briefing. Additionally, employees are required to undergo security awareness
training upon onboarding and annually. Relevant awareness campaigns are
initiated ad-hoc. Permissions are given after user had clearly justified the
need and business justification. Permissions are reviewed periodically.