Privacy Notice For Customers

Privacy Notice For Customers

Global-e Privacy Policy

Last updated: July 15, 2021

This Privacy Policy (“Policy”) governs how we, Global-e or any of our affiliated companies (Global-e U.K. Ltd., Global-e US Inc, Global-e NL B.V., Global-e France SAS, Global-e Spain S.L., Global-e Canada E-commerce Ltd., Globale Hong Kong Limited, Global-e CH AG, Global-e Australia Pty Ltd., Global-e Japan KK, Global-e (Beijing) Technology Co., Ltd., Global-e Online Pte. Ltd., Olami E-commerce Solutions Ireland Limited, in each case) (together with our respective affiliates and subsidiaries, “Global-e”, “we”, “ourorus”), collect, receive, use, store and disclose Information (defined below) about individuals in connection with the use of our online order processing and fulfilment services for the sale of products to you (“Service”).

We make great efforts ascertaining that we secure your Information and use it properly.

This policy explains our privacy practices for processing Information regarding our Services. We will collect, use or disclose your Information only in accordance with the terms of this policy.

For Canadian residents: Please note that the Information we collect from you may be transferred to Israel, the United Kingdom (UK), the European Union and the United States. By agreeing to this Policy, you consent to your Information being transferred and collected, used, and disclosed in accordance with this Policy.

For Brazilian residents: Please note that the Information we collect from you may be transferred to Israel, the UK, the European Union and the United States. By agreeing to this Policy, you agree to your Information being transferred and collected, used, and disclosed in accordance with this Policy.

For residents of the China Mainland: Please note that the Information we collect from you may be transferred to Israel, the UK, the European Union and the United States. By agreeing to this Policy, you consent to your Information and sensitive personal Information being transferred and collected, used, and disclosed in accordance with this Policy.

For Australian residents: Please note that the Information we collect from you may be transferred to Israel, the UK, European Union and the United States. By agreeing to this Policy, you consent to your Information being transferred and collected, used, and disclosed in accordance with this Policy. By consenting to overseas disclosure, you acknowledge that we do not guarantee that the overseas recipient will comply with the Australian Privacy Principles and they may not be subject to privacy obligations similar to those in your jurisdiction. We will not be liable to you for breaches of the Australian Privacy Principles committed by the overseas recipient.

For users in Singapore: Please note that the Information we collect from you may be transferred to Israel, the UK, the European Union and the United States. By agreeing to this Policy, you consent to your Information and sensitive personal Information being transferred and collected, used, and disclosed in accordance with this Policy.

The below summary of this Policy will give you an overview of our practices. Please also take the time to read our full Policy for further detail in each area.

If you do not wish us to collect your Information, please do not submit it to us. However, please bear in mind that we will not be able to process your order without receiving your details.

Global-e may change and update the terms of this Policy from time to time. If we decide to change our Privacy Policy materially, we will post the revised Policy here with an updated effective date and we will inform you of such changes by any appropriate means.

Summary of Global-e Privacy Policy

The Information You Provide Us and We Collect

If you use the Service, we will need your Information (such as your name, email address and physical address) to process the transaction and deliver the purchased products. We will need your payment details to process your payment. We will also receive any Information that you provide us when you contact our customer support.

We automatically log ‘traffic/session’ information including IP addresses and your user agent. We also collect session durations and additional activity information.

Cookies – We use cookies to make it easier for you to log-in and to facilitate Service activities. We use standard analytics tools. The privacy practices of these tools are subject to their own privacy policies and cookies.

What Do We Do with Your Information? – We use your Information for performing the contract with you and for our related legitimate interests. We maintain the Service, make it better, and continue developing it, and protect us and the Service from misuse and law violations.

Sharing Information with Others – We will share Information that we collect with the specific Retailer who owns or operates the website from which you made your purchase. We will provide the Retailer with your Information for Retailer’s marketing purposes, if you provided your specific consent.

If you do not agree with the disclosure of your Information to a third-party retailer, you will not be able to use the Service. By agreeing to this Policy, you agree to the disclosure of your Information to third-party retailers. You will also need to read and understand the privacy policies of those retailers.

We will share your Information with service providers and other third parties, including those who provide us standard analytics tools, if necessary, to fulfil the purposes for collecting the Information, provided that any such third party will commit to protect your privacy as required under applicable law and this Policy.

Sharing Information in case of a Structural Change – a merger, acquisition or any other structural change will require us to transfer your Information to other entities, provided that the receiving entities will comply with similarly protective policy in accordance with applicable law.

Anonymous, Aggregated and Analytical Information – We may take steps to de-identify and make anonymous some of your Information so that it no longer can be used to directly or indirectly identify you (we will do this in a way that will also prevent this data from ever being re-identified). We may use Anonymous Data in a number of ways to improve our Services or share it with third parties. In those case, we will do so without notice to you.

Your Choice – You may terminate your use of the Service. Our Service does not respond to Do Not Track (DNT) signals.

Specific Provisions for California Residents and Consumers Privacy Rights – If you are a California resident, further terms apply to our processing in relation to your rights as a consumer under the CCPA.

Specific Provisions for Brazilian Residents – if you are a Brazilian resident, further terms apply to our processing in relation to your rights as a data subject under the Brazilian Data Protection Law – (“LGPD”).

Other Sites and Services – The Service contains links to third party websites and services that are subject to their own privacy policies. Please read these policies and make sure you understand them.

Children’s Privacy – We do not intend to collect Information from anyone we know to be under the legal minimum age in each jurisdiction where the Service is available (“Minimum Age”). If you believe that we have collected such information, please contact us.

Security and Data Retention – We implement systems, applications and procedures to secure your Information, to minimize the risks of theft, damage, loss of Information, or unauthorized access or use of Information. We retain data as needed, to provide the Service and for legitimate and lawful purposes.

Accessing and Correcting Your Information – At any time you can request access to your Information by contacting us. You may also request that your information be corrected should it be inaccurate.

Your EU and UK Data Subject Rights – If we process your Information when you are in the EU or where UK data protection laws apply, further terms apply to our processing in relation to your rights as a data subject under EU and UK data protection laws.

Transfer of Data Outside your Territory – If we transfer your Information outside your territory, it will be in accordance with applicable law and this Policy.

Dispute Resolution – Contact us at: dataprotection@global-e.com or write us for specific requests or complaints. We will make good-faith efforts to resolve any existing or potential dispute with you.

Additional Information for Users of Other Jurisdictions – If you are a user in certain other jurisdictions, we have some clarifications and further information for you in relation to the applicable local law.

Changes to this Privacy Policy – We will update this Policy from time to time and post any material changes we make. If you continue to use the Service after these changes are posted, you agree to the revised Policy

Contact Us – please contact us at: dataprotection@global-e.com for further information. Our EU-GDPR representative according to Art. 27 GDPR is Rickert Rechtsanwaltsgesellschaft mbH, Colmantstraße 15, 53225 Bonn, art-27-rep-global- e@rickert.law.

1. How We Collect Your Information

We receive and collect Information from you in the following ways:

1.1 Purchases. The Service enables you to purchase online merchandise from retailers in certain jurisdictions that do

not normally provide order processing and fulfilment services (“Retailers”).

If you choose to make a purchase, payment or place an order via the Service we will require sufficient information, including Information, from or about you in order to process and complete the transaction, as well as to provide subsequent notification and support services.

This information will be provided by you to us directly or in certain cases (where you are pre-registered with the Retailer) specific information will be provided by the Retailer to pre-populate transaction forms for ease of completion by you.

1.2 Transaction. We collect information about the item(s) purchased and about you - the purchaser, in particular: first name, last name, email, phone number and postal address and payment information including the payment method and payment details (with expiration dates) and any payment voucher details that you provide us.

1.3 Delivery. We collect information about the preferred shipping and delivery details relevant to the specific transaction and contact details to send notification of the placement shipping and fulfilment of the order.

1.4 Enquiries. When you contact us, or when we contact you, we will receive and process any Information that you provide us.

1.5 Log Files. We use log files that we collect automatically from your computer or device when you interact with the Service. The information contained in log files includes internet protocol (IP) (the unique address that identifies your computer or device on the internet), type of browser, Internet Service Provider (ISP), date/time stamp, referring/exit pages, clicked pages and any other information your browser sends to us.

Information” means any information relating to an identified or identifiable individual including a first and last name an email address, a home or other physical address, or other contact information. It also includes indirect identifiers such as credit card information or online identifiers. Subject to applicable law, Information we process may include types of information which your jurisdiction may regard as sensitive, such as forms of financial or payment information. We will follow applicable law in the processing of such Information for the purposes mentioned under this Policy.

2. Cookies

We use cookies and similar tracking technologies to make sure that our Service is continuously improved and meets your needs.

Please view our Cookies Policy for more information on our use of cookies.

3. What Do We Do with the Information?

Your Information will be used in the following ways:

3.1 Performance of our contract with you. We will use your Information to provide you with the Service under the Service Terms and Conditions, engage with customer service inquiries and administer and provide customer support.

3.2 In order to be responsive to you and to maintain our business relationship, as a matter of legitimate business interests (where applicable). We will use your Information to improve our Service, to prevent or detect fraud or abuse, to personalize your user experience and to ensure our content and Services is presented in the most effective manner for you and your device, to administer the Services and for internal operations, in order to conduct troubleshooting, data analysis, testing, research, statistical and survey analysis, to contact you in connection with the Service and any transactions that you have initiated or completed or in relation to security, privacy or administrative related communications (these are not marketing orientated communications so we do not rely on consent for these), to identify and authenticate your access to the parts of the Service that you are authorized to access and maintain the safety and security of you and our customers, Services and businesses.

In addition, we may use the Information set out in Section 1 to comply with any applicable legal obligations, to enforce any applicable terms of service and to protect or defend the Services, our rights, the rights of our users/customers or others.

Where your Information is needed to fulfil the Service under the Service Terms and Conditions, a failure to provide that information will prevent us from completing the transaction and we will refer you back to the specific Retailer.

4. Sharing Your Information with Others.

4.1 Transferring Information to Retailers. In connection with using our Service to make purchases we will share the Information that we collect from you (but except for payment data such as credit card number details) with the specific Retailer who owns or operates the website from which you made your purchase.

Such Retailer will then be entitled to use your Information as if that Retailer has collected this information

directly, subject to the Retailer’s own privacy policy.

For instance, the Retailer needs to know that you have made a purchase in order to process delivery of your purchase, to handle any requests by you to return or replace a product and it needs to know if you are already a subscriber or member of its services so that you can take advantage of any loyalty scheme that it administers.

If you do not agree with the disclosure of your Information to a third-party retailer, you will not be able to use the Service.

4.2 Marketing. We do not use your Information for marketing purposes. Your information may be used for direct marketing by the Retailer who owns or operates the website from which you made your purchase. You will be offered the ability to provide your specific consent via our Service to receive such direct marketing materials directly from the Retailer by either email, telephone, text message or post, relating to consumer goods and services generally available via our Service, and from which you may have previously purchased through us or which may be of interest to you. We will provide the Retailers with your name, email address, phone number and indication of consent (or the lack of) if you so agree and no additional information will be shared in that regard. You may indicate your consent on the Checkout page here.

In order to understand how the Retailer uses your Information you should read, understand and agree to its privacy notice and policies; we neither control nor are responsible for the policies of these retailers.

We do not ask, or receive, any valuable consideration in exchange of the share of your Information.

4.3 Using Affiliates to Store/Process Data. We will share your Information with our subsidiaries (including, but not limited to, Global-e Australia Pty. Ltd. if purchases are made from Australia) or affiliated companies for storing or processing such information on our behalf in connection with our provision of the Services. Such information will be transferred to other jurisdictions around the world where our or their servers and systems are located, as described in the Data Transfer section below. Where you use our Services from Europe to make purchases, your data is stored on servers within the European Economic Area (“EEA”). We require that these parties agree to process such information in compliance with Global-e policies and procedures.

Our website and Services are operated via servers situated in the EU. If we transfer Information outside the EEA, UK or Brazil we will comply with applicable laws relating to data transfers outside the EEA, UK and Brazil as described in the Data Transfer section below. It is important to note, however, that our website and Services are operated via servers situated in the EU.

Global-e accepts full responsibility for the protection of your Information, according to the applicable privacy legislation and this Policy during these onward transfers to third parties.

4.4 Using Third Party Service Providers. We will share (in so far as such sharing is necessary) your Information with our third-party service providers (such as hosting providers, payment processors, anti-fraud service providers, licensed customs brokers, data and website analytics services and order fulfilment providers) whose tools, software, and services we use to process and complete your transaction(s).

We use commercially reasonable efforts to ensure that such third-party service providers will only process your Information as part of providing the Service. Such third-party service providers are located in jurisdictions outside of the jurisdiction in which you are located and if there is a transfer of Information outside of your jurisdiction, we will comply with the applicable laws relating to data transfers and as further described in the Data Transfer sections below.

We do not sell your information.

4.5 Necessary Disclosure. We will disclose your Information or any information you submitted via the Services if we have a good faith belief that disclosure of such information is helpful or reasonably necessary to:

a) comply with any applicable law, regulation, legal process or governmental request;

b) enforce the Terms and Conditions, including investigations of potential violations thereof;

c) detect, prevent, or otherwise address fraud or security issues; or,

d) protect against harm to the rights, property or safety of Global-e, its users, yourself or the public.

5. Sharing Information in case of a Structural Change.

We will disclose or transfer your Information if we are acquired by or merged with a third- party entity, or if we are bankrupted or liquidated. If we will use your Information or disclose for any purposes not covered in this Policy in this regard, then we will make efforts to ensure that you receive prior notification of the new purpose and where relevant, your consent obtained for those new purposes.

6. Anonymous, Aggregated and Analytical Information.

We may take steps to de-identify and make anonymous your Information. In doing so we take steps to ensure that this data cannot be re-identified. We may use Anonymous Data in a number of ways to improve our Services or share it with third parties. In those case, we will do so without notice to you. We will also disclose Anonymous Data (with or without compensation) to third parties, including advertisers and partners.

Anonymous Data” means information which does not enable identification of an individual user so that identification is irreversibly prevented, such as aggregated information about the use of our Service. Therefore, such information does not constitute “Information” and use and disclosure of same does not affect any of your rights under US, EU, Canadian or other applicable privacy laws.

We use standard analytics tools such as of Google Analytics and Hotjar.

Further information about how Google uses data when you use our service, is located at http://www.google.com/policies/privacy/partners/.

We may use Hotjar in order to better understand our users’ needs and to optimize our service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (jurisdiction only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

7. Your Choice.

7.1 We request and collect minimal personal details that we need for the purposes described in this Policy. At any time, you may opt to terminate your use of the Service according to the Service Terms and Conditions (see section 8 - Consumer Cancellation Rights) if you live in the EEA or UK.

Thereafter, we will stop collecting any Information from you. However, we will store and continue using or making available certain Information that is related to you. For further information, please read the Security and Data Retention section in this Policy.

7.2 Web browsers offer a “Do Not Track” (“DNT”) signal. A DNT signal is a HTTP header field indicating your preference for tracking your activities on the Service or through cross-site user tracking. Our Service does not respond to DNT signals.

8. Specific Provisions for California Residents.

This section applies solely to individuals who reside in the State of California. We adopted this section to comply with the California Consumer Privacy Act of 2018 (‘CCPA’) and any terms defined in the CCPA have the same meaning when used in this section.

8.1 We have collected the following categories of Information from consumers within the last twelve (12) months:

a) Identifiers and Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). These include names, telephone number, postal address, online identifier Internet Protocol address.

b) Commercial information such as products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

c) Internet or other electronic network activity information, including, but not limited to, browsing history,

search history, and information regarding a consumer’s interaction with the Service.

d) Geolocation data, such as physical location.

e) Inferences drawn from any of the information identified to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.

8.2 We obtain the categories of Information listed above from the following categories of sources:

a) Directly and indirectly from you and your activity on our Service.

b) Third parties such as our retailers.

8.3 We use the Information we collect for one or more of the following business purposes:

a) To fulfill the reason for which the Information is provided.

b) To provide you with our products and services and to further develop and improve our products and services.

c) To enforce our terms and as necessary to protect our rights.

d) To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.

8.4 We disclose Information to third parties for business purposes as described above under the section titled “Sharing Your Information with Others”.

8.5 In the preceding twelve (12) months, We have disclosed the following categories of Information for business purposes:

a) Identifiers, which We have shared with the following categories of third parties: service providers involved in the performance of the fulfilment of the sales contract you entered into, including the retailer;

b) Commercial information, which We have shared with the following categories of third parties: the retailer of the merchandise you have purchased from us, the shipper that delivered your purchase to, the bank or payment service provider that acquired the transaction for purchasing the merchandise;

In the preceding twelve (12) months, We have not sold Information.

9. Your California Rights

If you are a California resident, you may be entitled to the following specific rights under the CCPA regarding your Information:

9.1 Access to Specific Information and Data Portability Rights

  • You have the right to request that we will disclose certain information to you about our collection and use of your Information over the past 12 months. Upon confirmation of your request, We will disclose to you:
  • The categories of Information We collected about you;
  • The categories of sources for the Information We collected about you;
  • Our business or commercial purpose for collecting that Information;
  • The categories of third parties with whom we share that Information;
  • The categories of Information that we disclosed for a business purpose, and the categories of third parties to whom we disclosed that particular category of Information;
  • The specific pieces of Information We collected about you;
  • If We disclosed your Information for a business purpose, we will provide you with a list which will identify the Information categories that each category of recipient obtained.

9.2 Deletion Rights

You have the right to request that we delete any of your Information. Upon confirmation of your request, we will delete (and direct our service providers to delete) your Information from our records, unless an exception applies.

9.3 Nondiscrimination Right

You have the right not to be discriminated against for exercising any of the aforementioned rights.

9.4 Exercising Your Rights

9.4.1. To exercise the access, data portability, and deletion rights described above, please submit your request to us by sending an email to: dataprotection@global-e.com.

9.4.2. Only you or a person authorized to act on your behalf, may make a request related to your Information. You may also make a verifiable consumer request on behalf of your minor child. If you submit your request through an authorized agent, we may request that the agent provide proof of your prior authorization, as well as information necessary to verify your identity.

9.4.3. A request for access can be made by you only twice within a 12-month period.

9.4.4. We may ask you to provide additional information in order to verify your identity before we respond to your request. We cannot respond to your request or provide you with the requested Information if we cannot verify your identity or authority to make the request and confirm the Information relates to you. We will only use the Information provided in your request to verify your identity or authority to make the request.

9.4.5. We will do our best to respond to your request within 45 days of its receipt. If we require more time (up to additional 45 days), we will inform you of the reason and extension period in writing. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

9.4.6. Any disclosures we provide will only cover the 12-month period preceding receipt of your request.

9.4.7. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

9.4.8. For data portability requests, we will select a format to provide your Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance, specifically by electronic mail communication.

9.4.9. We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will inform you of the reasons for such decision and provide you with a cost estimate before completing your request.

10. Specific Provisions for Brazilian Residents.

If you are a Brazilian resident, you may be entitled to the following specific rights under the LGPD regarding your Information.

10.1 Your LGPD Rights:

10.1.1. The right to anonymize, block or erase data that is unnecessary, excessive or processed in violation of the LGPD;

10.1.2. The right to erase data that was processed based on consent, unless an exception applies;

10.1.3. The right to confirm and access the Information we collect about you;

10.1.4. The right to port data to another service provider;

10.1.5. The right to receive information about the public and private entities with whom the controller has shared data;

10.1.6. The right to receive information about the possibility of not providing consent (when it is required);

10.1.7. The right to withdraw consent, when applicable;

10.1.8. The right to lodge a complaint with the Brazilian Data Protection Authority; and

10.1.9. The right to object to a processing activity when the processing activity violates the LGPD

10.2 Exercising Your Rights

10.2.1. To exercise the rights described above, please submit your request to us by sending an email to: dataprotection@global-e.com.

10.2.2. Only you or a person authorized to act on your behalf, may make a request related to your Information. You may also make a verifiable consumer request on behalf of your minor child.

10.2.3. We cannot respond to your request or provide you with the requested Information if we cannot verify your identity or authority to make the request and confirm the Information relates to you. We will only use the Information provided in your request to verify your identity or authority to make the request.

10.2.4. We will respond to your request for access within 15 days of its receipt. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

10.2.5. For data portability requests, we will select a format to provide your Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance, specifically by electronic mail communication.

11. Other Sites and Services.

11.1 The Service will contain links to third party websites and services that are not owned or controlled by Global-e including third party payment providers. We are not responsible for the privacy practices or the content of third party websites or services and your use of or connection to such links and websites is at your sole risk. You should review their privacy policies.

12. Children’s Privacy.

12.1 The Service is not structured to attract or be directed to children under the age of 16 years or the Minimum Age applicable in each jurisdiction. Accordingly, we do not intend to collect Information from anyone we know to be under 16 years or the relevant Minimum Age.

12.2 The Minimum Age for individuals in Canada, Brazil, Hong Kong and Singapore is 18.

12.3 If we learn that we have collected Information from a child under 16 years or an applicable Minimum Age, we will delete that information quickly. If you believe that we have any such information, please contact us at: dataprotection@global-e.com.

13. Security and data retention.

13.1 The security of Information is important to us. We follow generally accepted industry standards, including the use of appropriate administrative, physical and technical safeguards, to protect Information.

13.2 For example, certain sensitive Information (such as data relating to fraud) that we receive is processed over a Secure Sockets Layer channel and is encrypted; and our payment gateway is Payment Card Industry compliant. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure.

13.3 Therefore, while we strive to use generally accepted means to protect your Information, we cannot guarantee its absolute security or confidentiality. If you have any questions about security on the Service, you can contact us at: dataprotection@global-e.com.

13.4 We will retain your Information as follows:

a) Purchases, Transaction and Delivery Information (see section 1.1-1.3 above). We will keep your purchases, transaction and delivery information for the duration of the business/commercial relationship and thereafter for the length of the applicable statute of limitations in your jurisdiction (in the UK, for example, the statute of limitations is generally 6 years);

b) Enquiries Information (see section 1.4 above). If you contact us, we will keep your enquiries information for 12 months after you contact us;

c) Log files (see section 1.5 above). We retain log files information for 12 months after the date it was collected.

13.5 For the avoidance of doubt, your Information will also be retained by us as necessary to and relevant to our Service Terms and Conditions and our legitimate operations, including time necessary to identify, issue or resolve legal proceedings, enforce our Service Terms and Conditions, to meet our reporting requirements and as otherwise required in accordance with applicable law obligations.

13.6 We will take appropriate steps to delete or permanently de-identify Information at the point this information is no longer needed by us for our legitimate business or legal obligations.

14. Accessing and Correcting Your Information.

14.1 At any time, you can contact us at: dataprotection@global-e.com and request to access the Information that we keep about you. We will ask you to provide us certain credentials to make sure that you are who you claim to be and to the extent required under the applicable law, will make good-faith efforts to locate your Information that you request to access. If you find that the information on your account is not accurate, complete or up-to-date, please provide us the necessary information to correct it.

14.2 If you are eligible for the right of access under the applicable law, you can obtain confirmation from us of whether we are processing Information about you and receive a copy of that data, so that you could:

a) verify its accuracy and the lawfulness of its processing;

b) request the correction, amendment or deletion of your Information if it is inaccurate or if you believe that the processing of your Information is in violation of the applicable law.

14.3 We will use judgement and due care to redact from the data which we will make available to you, Information related to others.

15. Your EU and UK Data Subject Rights.

15.1 If EU and/or UK data protection law applies to the processing of your Information that can directly or indirectly identify you, by Global-e, then the following terms apply.

15.2 For the purpose of the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”) and the UK General Data Protection Regulation and the UK Data Protection Act 2018 (together the “UK DPA”), Global-e is the data controller. If you are located in the EEA, you may contact our EU-GDPR representative according to Art.

27 GDPR, Rickert Rechtsanwaltsgesellschaft mbH, Colmantstraße 15, 53225 Bonn, art-27-rep-global- e@rickert.law. If UK data protection law applies to the processing of your Information, you may contact our UK representative, Globale UK Limited, 154 Clerkenwell Rd, London EC1R 5AB, UK., email dataprotection@global- e.com.

15.3 When we process your Information, the processing is based on the legal basis set out in Section 3 above for each processing activity.

15.4 Access the Information that we keep about you. You have the right to obtain (i) confirmation as to whether Information concerning you is processed or not and, if processed, to obtain (ii) access to such data and a copy thereof. We may need to ask you to provide us certain credentials to make sure that you are who you claim you are.

15.5 Rectify the Information that we keep about you. If you find that the data is not accurate, complete or updated, then you may provide us with the necessary information to rectify it.

15.6 Delete your Information. In some cases, you have the right to obtain the erasure of Information concerning you. We will review your request and use our judgment, pursuant to the provisions of the applicable law, to reach a decision about your request. Restrict the processing of your Information. In some cases, you have the right to obtain restriction of the processing of your Information.

15.7 Transfer your Information in accordance with your right to data portability. You have the right to receive the Information concerning you which you have provided to us, in a structured, commonly used and machine- readable format, and you have the right to transmit that Information to another controller without hindrance from us. This right only applies when the processing of your Information is based on your consent or on a contract and such processing is carried out by automated means.

15.8 Restrict processing to storage only. In certain circumstances, you have the right to require us to stop processing your Information that we hold about you other than for storage purposes.

15.9 Object to processing of your Information. Information You have the right to object, on grounds relating to your particular situation, at any time to processing of Information concerning you when such processing is based on the legitimate interest of Global-e. Global-e may, however, invoke compelling legitimate grounds for continued processing which override the your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

15.10 Object to the processing of your Information specifically for direct marketing purposes. We do not conduct direct marketing. When your Information is processed for direct marketing purposes by Retailers, you have the right to object at any time to the processing of the Information for such direct marketing purpose. Please contact the relevant Retailer directly to opt out of their marketing activities.

15.11 You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affecting you.

15.12 If you are located in the EEA, you have a right to lodge a complaint with a data protection supervisory authority of your habitual residence, place of work or of an alleged infringement of the GDPR. If UK data processing laws apply to our processing of your Information, you have a right to lodge a complaint with the UK Information Commissioner’s Office.

A summary and further details about your rights under EU data protection laws, is available on the EU Commission’s website at: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens_en.

Note that when you send us a request to exercise your rights, we will need to reasonably authenticate your identity and location. We will ask you to provide us credentials to make sure that you are who you claim to be and will ask you further questions to understand the nature and scope of your request.

If we need to delete data following your request, it will take time until we completely delete residual copies of the data from our active servers and from our backup systems.

If you exercise one (or more) of the above-mentioned rights, in accordance with the provisions of applicable law, you can request to be informed that third parties that hold your Information, in accordance with this policy, will act accordingly.

15.13 To protect your Information and handle complaints relating to your Information, we have appointed a Data Protection Officer, responsible for the management and safety of your Information. If you have any concerns about the way we process your Information, you are welcome to contact our Data Protection Officer at: dataprotection@global-e.com. We will investigate your inquiry and make good-faith efforts to respond promptly.

16. Transfer of Data Outside your Territory.

16.1 We may transfer your Information to the UK, United States, Israel and countries within the European Economic Area (EEA).

16.2 We make sure that our data hosting service providers, or any other third party, provide us with adequate confidentiality and security commitments.

16.3 If you are resident in a jurisdiction where transfer of your Information to another jurisdiction requires your consent, then you provide us your express and unambiguous consent to such transfer.

16.4 If the transfer of your Information is governed by the LGPD, and your data is transferred to another jurisdiction outside Brazil, your data will be secured by appropriate safeguards as set forth in LGPD Arts. 33, 34 and 35, in particular, but without limitation to, by the use of the Standard Contractual Clauses for the transfer of data between Brazil and other jurisdictions.

16.5 If the transfer of your Information is governed by the GDPR or UK GDPR, we transfer your Information outside the EEA and UK (including your name, email address, physical address and telephone number) to shipping service providers, the retailer of the merchandise your purchased from us, the payment services providers, customs/clearance brokers and logistics providers who fulfil the order you placed with us which may have their place of business in the U.S., only where the transfer is necessary for the performance of the contract between you and us (i.e. for the purpose of fulfilment of your order and/or where we have implemented the European Commission’s model contracts for the transfer of Information to third jurisdictions (i.e. standard contractual clauses) unless the data transfer is to a jurisdiction that has been determined by the European Commission (for transfers from the EEA) or the UK Information Commissioner’s Office (for transfers from the UK) to provide an adequate level of protection for individuals’ rights and freedoms for their Information.

16.6 At this time, the U.S. is not recognized by the European Commission or the UK Information Commissioner’s Office as a jurisdiction which offers an adequate level of data protection. Your Information, which is transferred to the U.S., can be processed by U.S. law enforcement agencies, or any other entities under the applicable U.S. law. If you are an EU citizen or resident, or if UK data protection laws apply to you, please note that U.S. laws place limitations on remedies in respect of the processing of your Information by the U.S. authorities, including limitations on the right or ability to bring a legal action to a court of law, or to appear in a court.

17. Dispute Resolution.

17.1 We do periodical assessments of our data processing and privacy practices, to make sure that we comply with this policy, to update the policy when we believe that we need to, and to verify that we display the policy properly and in an accessible manner. If you have any concerns about the way we process your Information, you are welcome to contact our privacy team at: dataprotection@global-e.com. We will investigate your query and make good-faith efforts to resolve any existing or potential dispute with you. If you remain unhappy with the response you received, you can also refer the matter to the UK Information Commissioner or the applicable data protection authority in your jurisdiction.

18. Additional information for residents of the following jurisdictions:

18.1 Australia

For the purposes of this Policy, “Information” means any information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true, or opinion is recorded in a material form. We are committed to keeping your Information secure and will use all reasonable precautions to protect it from loss, misuse or unauthorized access or alteration. However, except to the extent liability cannot be excluded due to the operation of statute including the Privacy Act 1988 (Cth), we exclude all liability (including in negligence) for the consequences of any unauthorized access to, disclosure of, misuse of or loss or corruption of your Information. We may disclose your information to overseas receptions as described in this Policy, including to recipients located in the countries set out above in the section on ‘Transfer of Data Outside your Territory’. We take reasonable steps to ensure that third party recipients of your Information that are located outside Australia do not breach the Australian Privacy Principles and comply with privacy laws that are similar to those of your jurisdiction, you acknowledge and agree that we cannot control the actions of third party recipients and so cannot guarantee that they will comply with those privacy laws. Nothing in this Policy restricts, excludes or modifies or purports to restrict, exclude or modify any statutory consumer rights or other rights under any applicable law including the Competition and Consumer Act 2010 (Cth) or the Privacy Act 1988 (Cth). If you are unhappy with this Policy or you have a complaint about compliance with the Australian Privacy Principles, please contact us at: dataprotection@global-e.com. We will respond to your complaint and make good-faith efforts to resolve your complaint within a reasonable time (and in any event within 30 days). If you are not happy with how we have dealt with your complaint, you may submit a complaint to the Office of the Australian Information Commissioner via the website at: https://www.oaic.gov.au/privacy/privacy-complaints/.

18.2 China Mainland

By agreeing to this Policy, you consent to your Information and sensitive personal Information being transferred and collected, used, and disclosed in accordance with this Policy. Individuals must be notified at the point of collection of the purposes for which the Information was collected and thereafter the Information can only be used for those purposes unless consent is obtained for a new purpose.

In accordance with the terms of the applicable China Data Protection Law, you may have the following rights to your Information, including the rights to request access to, and correction or deletion of, your Information, or withdrawal of you consent to the processing of your Information, or cancellation of your account. To the extent permitted by applicable China Data Protection Law, a fee may be chargeable by us for complying with a data access request. In certain instances, applicable China Data Protection Law may allow us legitimately and properly to refuse some of these requests; for instance, to comply with applicable legal obligations, to protect the legitimate rights of third parties or to preserve the confidentiality of management deliberations.

For the purposes of this Policy, China Data Protection Law shall mean the Cybersecurity Law of the People's Republic of China (“PRC”), and all related, then current data protection provisions under the PRC Civil Code, other data protection related laws, regulations, administrative rules, administrative measures and national guidelines effective in China Mainland (together as “China Data Protection Law”).

18.3 Hong Kong

Under the Personal Data (Privacy) Ordinance, individuals must be notified at the point of collection of the purposes for which the data was collected and thereafter the data can only be used for those purposes unless consent is obtained for a new purpose. If you are not happy with this Policy, you may submit a complaint to the Office of the Privacy Commissioner for Personal Data. As a Hong Kong data subject you have legal rights in relation to the Information we hold about you (to the extent permitted under applicable laws and regulations).

You are entitled to make a subject access request to receive a copy of the data we process about you, a data correction request as well as a right to reject to the use of your Information for direct marketing purposes by contacting our Data Protection Officer at dpo@global-e.com. A fee may be chargeable by us for complying with a data access request.

18.4 India

Where we permit any third parties to collect and use sensitive Information (such as bank account or credit card information), we shall take reasonable measures to ensure that the third parties do not further disclose such information.

To the extent provided by applicable laws and regulations, you may withdraw any consent you previously provided to us for certain processing activities by contacting us at dataprotection@global-e.com. Where consent is required to process your Information, if you do not consent to the processing or if you withdraw your consent we may not be able to deliver the expected service.

18.5 Indonesia

If you are under the age of 21, you undertake that you have the consent of your parent or legal guardian to register an account on and use the Service.

You are responsible for making sure that any personal details which you provide to us are accurate and current. In order to confirm the accuracy of the information, we may also verify the information provided to us, at any time. You hereby represent that you have secured all necessary consent(s) before providing us with any other person’s Information (for example, for referral promotions), in which case we will always assume that you have already obtained prior consent, and as such, you will be responsible for any claims whatsoever from any party arising as a result of the absence of such consent(s).

18.6 Japan

By clicking “accept”, you consent to the cross-border transfer of your information to any jurisdiction where we have databases or affiliates and, in particular, to Ireland and Germany.

You may request us to notify you about the purposes of use of, to disclose, to make any correction to, to discontinue the use or provision of, and/or to delete any and all of your Information which is stored by us, to the extent provided by the Act on the Protection of Personal Information of Japan. When you wish to make such requests, please contact us at dataprotection@global-e.com.

18.7 Malaysia

In the event of any discrepancy or inconsistency between the English version and Bahasa Melayu version of this Policy, the English version shall prevail.

In the event you are agreeing to this Policy in order for a minor to access and use the Service, you hereby consent to the provision of Information of the minor to be processed in accordance with this Policy and you personally accept and agree to be bound by the terms in this Policy. Further, you hereby agree to take responsibility for the actions of such minor, and that minor’s compliance with this Policy.

To protect your Information and handle complaints relating to your Information, we have appointed the following department responsible for managing and protecting your Information. Our data protection officer, responsible for the management and safety of your Information : dataprotection@global-e.com.

18.8 New Zealand

We take reasonable steps to ensure that third party recipients of your Information located outside New Zealand handle your Information in a manner that is consistent with New Zealand privacy laws. However, you acknowledge that we do not control, or accept liability for, the acts and omissions of these third party recipients.

If you are under the age of 16, you undertake that you have the consent of your parent or legal guardian to register an account on and use the Service.

If you are dissatisfied with our response to your request for access to, or correction of, your Information or your privacy complaint in respect of your Information, you may contact the Office of the New Zealand Privacy Commissioner (www.privacy.org.nz).

While we take reasonable steps to ensure that third party recipients of your Information comply with privacy laws that are similar to those of your jurisdiction, you acknowledge and agree that we cannot control the actions of third party recipients and so cannot guarantee that they will comply with those privacy laws.

18.9 Philippines

We will not implement any material changes to the way we process your Information, as described in the Policy, unless we have notified you and have obtained your consent to such material changes.

By consenting to this Policy, you consent to us:

  • collecting and processing your Information as described in this Policy and for the purposes stated herein;
  • sharing your Information with third parties, companies within our group, and a third party that acquires substantially all or substantially all of us or our business, as described in this Policy and for the purposes stated herein; and
  • transferring or storing your Information in destinations outside the Philippines when the processing shall need to occur outside the Philippines, such as in servers located in Ireland and Germany.

18.10 Singapore

By using the Services, you signify that you have read and understood this Policy. To the extent required under applicable law, you also provide your consent to us collecting, using and disclosing your personal information in accordance with this Policy.

We will transfer Information (including your name, email address, physical address and telephone number) to shipping service providers, retailers of merchandise you purchase from us, payment services providers, customs/clearance brokers and logistics providers who fulfil your orders. Information will be transferred only where necessary for the fulfilment of your purchases.

Under the Personal Data Protection Act 2012, individuals must be notified at the point of collection of the purposes for which the data was collected and thereafter the data can only be used for those purposes unless consent is obtained for a new purpose.

As a Singaporean data subject you have legal rights in relation to the Information we hold about you (to the extent permitted under applicable laws and regulations).

You are entitled to make a subject access request to receive a copy of the data we process about you, a data correction request as well as a right to reject to the use of your Information for direct marketing purposes. We will not charge any fee for complying with a data access request.

18.11 South Korea

We take the following steps to ensure the safety of personal information:

  1. Administrative Measures: Establishment and implementation of internal management plans, regular employee training, etc.
  2. Technical Measures: Management of access rights to personal information processing system, installation of access control system, encryption of unique identification information, installation of security programs.
  3. Physical Measures: Control access to computer rooms, data storage rooms, etc.

We retain personal information for specified retention periods pursuant to certain tax and export controls laws to which we are subject. We store, in an isolated and highly secured fashion, personal information recorded and stored in the form of electronic files so that the records cannot be accessed or reproduced without strict procedures and subject to meeting certain criteria of necessity. After the end of the relevant retention period, personal information recorded and stored in electronic files will be securely destroyed using technical measures to prevent the possibility of recovery and paper records will be either shredded or burned.

The laws of Korea, including the Act on the Consumer Protection in Electronic Commerce, Etc. (E-Commerce Consumer Protection Act), the Framework Act on Electronic Documents and Transactions, and the Protection of Communications Secrets Act, require retention of certain types of information for a certain period of time, as follows:

  • E-Commerce Consumer Protection Act
    • Records of contracts or cancellation of orders shall be retained for a period of five (5) years.
    • Records of payments and provision of goods shall be retained for a period of five (5) years.
    • Records of consumer complaints or dispute resolution shall be retained for a period of three (3) years.
  • Framework Act on Electronic Documents and Transactions
    • Records of electronic document distribution via certified electronic address shall be retained for a period of ten (10) years.
  • Protection of Communications Secrets Act
    • Sign-in records shall be retained for a period of three (3) months.

We have designated the person in charge of personal information protection as follows in order to take full responsibility for the handling of personal information, and to handle complaints from and remedy damages suffered by our users related to our processing of personal information:

Personal Information Protection Officer

Name: Oded Griffel

Position: DPO

Contact Information: dpo@global-e.com

18.12 Taiwan

We do not knowingly collect or solicit Information from anyone under the age of 7 or knowingly allow such persons to register on the Service. If you are under 7, please do not attempt to use or register for our Service or send any Information about yourself to us. No one under the age of 7 may provide any Information to us while using the Service. In the case of users located in Taiwan, persons under the age of 20 are required to obtain parental/guardian consent prior to using the Service.

18.13 Thailand

By clicking “accept”, you acknowledge that you have read, understood, and agree to this Policy. If you do not

agree with this Policy, you must not use the Service.

You may request us to discontinue, to restrict the use or provision of, and/or to request for data portability of any and all of your Information which is stored by us, to the extent provided by the Act on the applicable data privacy laws and regulations in Thailand, including the Thai Personal Data Protection Act. When you wish to make such requests, please contact us at dataprotection@global-e.com.

We will give you notice by email of any changes to this Policy, and give you an opportunity to reject such changes, failing which the changes will become effective as stated in the notice.

18.14 Vietnam

By accepting this Policy, you expressly agree and authorize us to collect, use, store, and process your Information, including, lawfully disclosing and transferring it to third parties, as described in this Policy.

19. Changes to this Privacy Policy.

19.1 From time to time, we will update this policy. If the updates have minor if any consequences, they will take effect 7 days after we post a notice on the Service’s website. Substantial changes will be effective 30 days after we initially posted the notice.

19.2 Until the new policy takes effect, if it materially reduces the protection of your privacy right under the then- existing policy, you can choose not to accept it and terminate your use of the Service. Continuing to use the Service after the new policy takes effect means that you agree to the new policy. Note that if we need to adapt the policy to legal requirements, the new policy will become effective immediately or as required by law.

20. Contact Us.

Please contact us at: dataprotection@global-e.com for further information. You can contact our DPO at: dpo@global-e.com.

Cookies Policy

Global-e (“Global-e” or “we”) wants to ensure that your use of our Service is smooth, reliable and as useful to you as possible. To help us do this, we use cookies and similar technologies, such as tags/beacons and javascripts (“cookies”), to make our Service relevant to your interests and needs.

1. What are cookies?

Cookies are small text files that are automatically placed on your computer or mobile device when you use our Service. They are stored by your internet browser. Cookies contain basic information about your internet use. Your browser sends these cookies back to our Service every time you revisit it, so it can recognize your computer or mobile device and personalize and improve your browsing experience.

2. What Are ‘Session’ and ‘Persistent’ Cookies?

Session Cookies” are removed from your computer once you close your browser session. “Persistent Cookies” last for longer periods on your computer - after you close your browser session.

A user can delete previously set persistent cookies manually or configure the browser settings to delete cookies, as further described below.

3. What Are ‘First-party’ and ‘Third-party’ Cookies?

First-party cookies are set directly by the website that the user is visiting. For the purpose of this policy, these are cookies that are set directly by our Service.

Third-party cookies are set by a domain other than the one visited by the user. For the purpose of this policy, these are cookies that are set by Service on the checkout page.

4. What Are ‘Similar Technologies’?

Functions usually performed by a cookie can be achieved by other means. This could include, for example, using certain characteristics to identify devices so that visits to a website can be analyzed.

Any technology that stores or accesses information on a user’s device is relevant for this purpose, and therefore

it includes, for example, HTML5 local storage, Local Shared Objects and fingerprinting techniques.

Additionally, technologies like scripts, tracking pixels and plugins, wherever these are used – are also considered as similar technologies. For example, the retailers may, conduct electronic marketing and incorporate a tracking pixel in email messages. The pixels record information including the time, location and operating system of the device used to read the email.

5. What type of cookies do we use?

We use both Session Cookies and Persistent Cookies as part of your experience on our Service so that we can facilitate the use of the data’s features and tools, keep track of your preferences as well as improve our service by creating better designs for you. Some cookies are strictly essential for the operation of our Service while other cookies help to improve. The same rule goes for all the tracking technologies that we use. We have created a detailed tracking technologies table page, which is attached as an Appendix A to this policy and is available here. The table will provide you with a clear and comprehensive image of the tracking technologies that we use.

When a tracking technology contains Information, as indicated in Appendix A, then our Privacy Policy applies as well.

The cookies we use fall into 3 categories. These categories are described below:

  • Essential and functional cookies
    • Essential cookies are necessary to help you access and move around our Service and use all its features. We also use functional cookies, for example to remember your language preferences to save you the trouble of having to change every time you enter our Service. Without these cookies, our Service would not work properly, and you would not be able to use certain important features.
  • Analytics cookies
    • We use cookies to help us understand how visitors arrived at our Service, how and how long they use it and how we can improve their experience. This type of so-called “analytics” cookies can provide us with anonymous information to help us understand which parts of our Service interest our visitors and if they experience any errors. We use these cookies to test different designs and features for our sites and we also use them to help us monitor how our visitors reach our sites. We use cookies to help us understand how visitors arrived at our Service, how and how long they use it and how we can improve their experience. This type of so-called “analytics” cookies can provide us with anonymous information to help us understand which parts of our Service interest our visitors and if they experience any errors. We use these cookies to test different designs and features for our sites and we also use them to help us monitor how our visitors reach our sites.To place these cookies, we use Google Analytics. We have set our Google Analytics to protect your privacy to the maximum extent. For example, we have concluded a data processing agreement with Google to protect your data. We have also made sure that the last octet of your IP- address is invisible and have turned off the setting which allows sharing data with Google. We are also not using any other Google Analytics related cookie services which are offered by Google.
  • Advertising, marketing and social media cookies
    • We only place advertising, marketing and social media cookies if you have given us your permission to do this.Advertisement and marketing cookies collect information about your browsing habits in order to make our content and advertising as relevant to you and your interests as possible. These cookies are also used to help us measure the effectiveness of our advertising campaigns by tracking the number of clicks. The cookies are usually placed by third party advertising networks. They remember the websites you visit and use this information to give you access to interesting and exciting content on our Service and to show you more personalized adverts when you visit other websites. These cookies also help improve your browsing experience, for example by helping to prevent the same advertisement from continuously reappearing to you.Additionally, social media platforms such as Facebook and Twitter can use cookies to see if you are logged in and allow you to “like” content or forward it to your friends. Depending on your settings, these third parties may use your information for their own purposes, such as advertising. If you would like to know more how these social media platforms use data, please refer to the privacy notices of these platforms.

6. Obtaining your consent for using tracking technologies

We need your consent to use tracking technologies that are not essential and functional, as indicated above. If you do not agree to accept our cookies or other tracking technologies that are not essential and functional for the operation of our website, we will make commercially reasonable efforts to provide you with the same level of services without using such cookies or other tracking technologies.

7. Withdrawing your consent

You can withdraw your consent to advertising, marketing and social media cookies by contacting dataprotection@global-e.com.

8. Managing your cookie settings and deleting cookies

As explained above, we only place advertising and targeting cookies (including tracking cookies) if you have given us your consent for doing this. If you have given us your consent but would like the cookies that we have placed to be removed, you can do this by deleting them via your browser. Search for “cookies” under your web browser’s “Help menu” or “Setting” section.

Here are some links to some commonly used web browsers: (a) Google Chrome; (b) Microsoft Edge; (c) Mozilla Firefox; (d) Microsoft Internet Explorer; (e) Opera; (f) Apple Safari.

In addition, you can turn off certain third party targeting or advertising cookies by visiting the following links: Network Advertising Initiative, the Digital Advertising Alliance Consumer Choice and Your Online Choices pages.

To find out more about cookies, including how to see what cookies have been set, you can visit the following websites: www.aboutcookies.org and www.allaboutcookies.org.

Please note that, if you choose to delete Global-e cookies, your access to some functionality and areas of our Service may be degraded or restricted.

Some web browsers offer a “Do Not Track” (“DNT”) signal. A DNT signal is an HTTP header field indicating your preference for tracking your activities on our services or through cross-site user tracking. This Service does not respond to DNT signals.

9. Questions, comments or in need of help?

If you have any questions or if we can help you with something, we would be happy to assist if you contact us at: dataprotection@Global-e.com.

10. Changes to this policy

We update this policy, where needed. Every time we change this policy, we either send you an email about it or post a notice on our Service. We will post a notice on our Service if our policy update includes substantial changes and obtain your consent once again, where required under applicable laws.

This policy was last updated in July 2020.

Appendix A: Tracking Technologies Table

Essential and functional cookies

These cookies are strictly essential for enabling your movement around our Service and providing access to features such as your profile and purchases, member-only services, and other secure areas of our Service. This category of cookies cannot be disabled.