Privacy Policy
When you visit this website hosted by Global-e Online Ltd. and its affiliated group companies worldwide (“Global-e”, “our”, “we” or “us”), correspond with us or become (or are in the process of becoming) one of our merchants or partners, we process personal data about you as a data controller. It is important to us that the personal data of the visitors to our websites, our (prospective) merchants and our (future) partners (“you”) is treated with care and that you are well informed about the way we process personal data related to you. We have written this privacy statement to tell you which data we process, how, why and how long we do this and your rights.
This policy explains our privacy practices for processing personal data related to you as a visitor to our website available at: https://www.global-e.com/, or any of its pages. We process personal data subject to the terms of this policy.
However, this policy is not intended and is not covering, personal data provided to us when you interact with us as a consumer of products sold through our services. Please refer to the website of the merchant from which your products were purchased.
A Summary of the Policy
Which Types of Personal Data do We Collect and for What Purpose?
We collect most of the personal data related to you through your engagement with our website, for various business purposes as further detailed under this section below. Read more.
How do We Collect Personal Data?
We collect the personal data related to you, directly from you, and through the use of “cookies” on our website. Read more.
With Whom do We Share Personal Data?
We share personal data with our vendors as necessary to facilitate our business. We will share information when we change our corporate structure, and we will share the information with our affiliated entities. Read more.
Aggregated and Analytical Information
Aggregated data is not identifiable. We use standard analytical tools for legitimate business purposes. Read more.
Where do We Transfer Personal Data?
We use cloud-based services to store and process personal data in the EU, UK, Israel and in the US, and will store them at additional sites, at our discretion. These vendors provide us adequate security and confidentiality commitments. Read more.
How do We Protect Personal Data Related to You?
We implement physical, electronic and organizational procedures to secure personal data related to you from loss, misuse, unauthorized access or disclosure, alteration or destruction. Read more.
Your choice
You may opt-out of our mailing lists and terminate your use of our website. Our website does not respond to Do Not Track (DNT) signals. Read more.
Accessing Personal Data Related to You
At any time you can request access to personal data related to you. Read more.
Specific Provisions for EU Residents
If we process personal data related to you when you are in the EU, further terms apply to our processing in relation to your rights as a data subject under EU data protection laws. Read more.
Specific Provisions for California Residents
If you are a California resident, you are entitled to specific privacy rights. Read more.
How Long do We Keep Personal Data Related to You?
We retain different types of personal data for different periods, depending on the purposes for processing the information, our legitimate business purposes as well as pursuant to legal requirements. Read more.
Changes to This Policy
We will update this privacy policy from time to time after giving proper notice. Read more.
Contacting Us, Questions and Complaints
Please contact us at: [email protected]. Read more.
Which Types of Personal Data do We Collect and for What Purpose?
Data we collect when you use our website and about how you use our website
When you browse our website, we process your IP address, Google Analytics ID, internet browser and device type, location data and your use of our website, including which pages you visited, how you got to our website, the time and length of your visit and your language preferences. We use this data for our legitimate interests of making sure our website works properly, including debugging, to be able to deliver you content and for DDOS mitigation on our website, and improving our website, and to perform statistical analyses for optimizing our website. We also use this information to provide you with personal offers tailored to your needs and tailoring what we show you to your preferences, with your prior consent.
We collect information about how you use our website, for example, which landing pages you visit and which items you look at and how long, to make a determination about what we could likely do for you. For example, if you read about our products and services on our website, we might classify you as a website visitor who is interested in our products and services and therefore as a potential merchant. Based on the audience we expect you belong to, we may act, for example by contacting you with offers about our products and services, if we have your consent for this.
Data we collect when you contact us or request us to contact you
Via our website, you can contact us or ask us to contact you regarding questions, queries, (support) requests, comments or complaints, fill out an application to become a merchant or a partner or sign up for a test account. When you do this, we collect the information that you fill out, including your name, company, contact details, the reason you are contacting us, verification that you are not a robot and other information you decide to provide us. You can also contact us by calling us or emailing us using for example the contact details listed on our website. If you do so, we will collect your name, company and any other information we need to be of further assistance to you and/or communicate with you.
We use this data above to answer your question, comment or complaint and respond to your queries and (support) requests and to assess your application to become a merchant or partner.
Data we process for our marketing purposes
You can sign up for our marketing communications using your name and e-mail address via the sign-up form on our website.
If you are already one of our merchants, we will contact you in relation to relevant products or services, for our legitimate interest in developing our business. We can do this via e-mail or, if your e-mail is registered on LinkedIn, we connect to you on LinkedIn and/or to send you messages on LinkedIn. If you are not yet one of our merchants, we will only contact you, for example via e-mail or LinkedIn, with offers or about our products or services if you have given us your permission to do so. When we contact you in this context via e-mail, you always have an opportunity to opt out at any moment by following the instructions in the e-mail or by contacting us using the contact details below.
You can also download content, for example, white papers and research reports, from our website using the forms designed for this purpose. We collect the data you fill out on the form, including your name, company, country and e-mail address.
Other purposes
If necessary, we can also process any of the information related to you for our legitimate interest of protecting our legal rights, for example in connection with legal claims, and when we have a legal obligation to process information related to you. We will also transfer personal data related to you in the event of a company reorganization, merger, or sale.
Social media buttons
We will use plugins on our website from social media networks such as Facebook, LinkedIn and Twitter. You can recognize these plugins by their logos. We also use plugins for the embedded video players which can be found on our website. Our plugins will not collect personal data about you unless you click on these logos or videos. If you click on them, these plugins are activated and automatically transmit data to the plugin provider.
We do not have any influence over which data these providers collect from you and we are also not aware of the extent of their data processing. If you would like more information about their data processing, this can be found in the respective privacy policies on the websites of these providers.
How do We Collect Personal Data?
We collect the personal data related to you mainly directly from you, when you use our website, fill in a form, become a merchant, or otherwise contact us through our website.
In addition, we collect personal data using cookies and similar technologies, including tags/beacons and JavaScripts. For more information, please visit our <<Cookies Policy>>.
With Whom do We Share Personal Data?
We need the help of third parties to be able to offer you our website and our products and services. Where necessary we will share personal data related to you with our service providers (e.g. IT providers, CRM providers, marketing support providers (such as agencies that manage our social media accounts), social media providers such as LinkedIn, analysts, and other standard analytics tools of, customer service providers, business development providers, and legal service providers). We have concluded agreements with our service providers to protect personal data related to you.
If our business is sold or integrated with another business, your details will be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to the new owners of the business.
Otherwise, we will not share personal data related to you with any third party unless we have your permission, where this is necessary for connection with the purposes above or with legal claims, or when we have a legal obligation to do so.
Aggregated and Analytical Information
As aforesaid, we use standard analytics tools such as Google Analytics, to learn about how you and other users use our service, how we should improve your user experience and which improvements we should prioritize. The privacy practices of these tools are subject to their own privacy policies and they use their own cookies to provide their service (for further information about cookies, please see the ‘Cookies Policy’ section in this policy).
Further information about how Google uses data when you use our service, is located at http://www.google.com/policies/privacy/partners/.
As abovementioned, we use Hotjar in order to better understand our users’ needs and to optimize our service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.
Where do We Transfer Personal Data To?
Some of the information you provide to us will be shared with other Global-e group companies outside of the European Economic Area (“EEA”) when this is necessary for the purposes mentioned above. These countries include the countries in which we have operations. It also includes the countries in which some of our service providers are located, such as the United States.
To protect personal data related to you when such data is transferred to countries outside of the EEA and to provide it with an adequate level of protection, we have implemented appropriate safeguards in accordance with applicable laws.
If you are a resident in a jurisdiction where the transfer of Personal Information related to you to another jurisdiction requires your consent, then by agreeing to comply with this Privacy Policy, you provide us your express and unambiguous consent to such transfer.
How do We Protect Personal Data Related to You?
We are committed to securing personal data related to you and have taken steps in this regard. In order to prevent unauthorized people or parties from being able to access personal data related to you, we have put in place a range of technical and organizational measures to safeguard and secure the information we process from you.
Your Choice
At any time, you can unsubscribe from receiving our communications by following the instructions provided in any of the communications, or request that the personal data related to you will not be shared with our affiliates or service providers, by contacting us. It may take up to 7 business days for your opt-out request to take effect. Please note that certain opt-out requests may require us to terminate your merchant account, for example, if transferring personal data related to you to a service provider is essential to provide related services. At any time, you can stop using our website as well. Thereafter, we will stop collecting any respective personal data related to you.
You can exercise your choice by contacting us at: [email protected].
In the relevant cases, we will store and continue using or making available certain personal data related to you. For further information, please read the “How long do we keep personal data related to you?” section in this privacy policy.
Some web browsers offer a “Do Not Track” (“DNT”) signal. A DNT signal is an HTTP header field indicating your preference for tracking your activities on the Services or through cross-site user tracking. Our Services and website do not respond to DNT signals.
Accessing Personal Data Related to You
If you find that the personal data that we keep about you is not accurate, complete, or up to date, please provide us with the necessary information to correct it.
At any time, you can contact us at: [email protected] and request to access the personal data that we keep about you. We will ask you to provide us certain credentials to make sure that you are who you claim to be and to the extent required under applicable law, will make good-faith efforts to locate the personal data that you request to access.
We will use judgment and due care to redact from the personal data which we will make available to you, personal data related to others.
Specific Provisions for EU Residents
Under EU data protection laws (“GDPR”), we will be considered a Data Controller with respect to your use of our website as such term is defined therein. We base our processing of personal data as a Data Controller on the following lawful grounds:
- All processing of personal data related to you which are not based on the lawful grounds indicated below is based on your consent.
- We process personal data related to you as a preliminary necessary step prior to initiating an engagement with you as a merchant.
- We will process personal data related to you to comply with a legal obligation and to protect your and others’ vital interests.
- We will rely on our legitimate interests, which we believe are not overridden by your fundamental rights and freedoms, for the following purposes:
- Communications with you, including direct marketing, or conducting marketing research so we can improve our products and services and be able to offer our (future) merchants tailored products and services, or where you make contact with us through our website and other digital assets;
- Cybersecurity;
- Support, customer relations, website operations;
- Enhancements and improvements to your and others experience with our website;
- Fraud detection and misuse of our website.
At any time, you can contact our DPO at: [email protected], and request to exercise your rights in accordance with the provisions provided by law:
- You are entitled to access the personal data that we keep about you together with information about how and on what basis the personal data is being processed and to rectify when such information is inaccurate. If you find that the personal data related to you is not accurate, complete, or updated, then please provide us the necessary information to correct it.
- You can contact us if you want to withdraw your consent to the processing of personal data related to you. Exercising this right will not affect the lawfulness of processing based on consent before its withdrawal.
- You are entitled to request to delete or restrict access to personal data related to you in limited circumstances as described under the GDPR. If we need to delete personal data related to you following your request, it can take time until we completely delete residual copies of personal data related to you from our active servers and from our backup systems.
If you exercise one (or more) of the above-mentioned rights, in accordance with the provisions under the law, you are entitled to request to be informed that third parties that hold personal data related to you, in accordance with this privacy policy, will act accordingly.
- You are entitled to request the transfer of personal data related to you in accordance with your right to data portability.
- You are entitled to object to the processing of personal data related to you, for example in relation to direct marketing.
- You have the right to obtain a copy of or access to safeguards under which personal data related to you is transferred outside of the EEA.
- You have a right to lodge a complaint with a data protection supervisory authority.
We will look into your query and make good-faith efforts to resolve any existing or potential dispute with you. Note that when you send us a request to exercise your rights, we will need to reasonably authenticate your identity and location. We will ask you to provide us credentials to make sure that you are who you claim to be and will further ask you questions to understand the nature and scope of your request.
If you have any concerns about the way we process personal data related to you, you are welcome to contact our DPO at: [email protected].
Specific Provision for California Residents
This section applies solely to all visitors, merchants, and others who reside in the State of California. We adopted this section to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and any terms defined in the CCPA have the same meaning when used in this section.
We have collected the following categories of personal information from consumers within the last twelve (12) months:
- Identifiers and Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), such as a real name, alias, signature, telephone number, postal address, online identifier Internet Protocol address, business email address, account name and financial information.
- Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with our website.
- Geolocation data, namely your physical location or movements.
- Inferences drawn from any of the above-mentioned information.
We obtain the categories of personal information listed above from the following categories of sources:
- Directly and indirectly from you and your activity on our website.
- Third parties such as reliable service providers and professional advisers.
We use the personal information we collect or receive for the purposes mentioned under the section “Which types of personal data do we collect and why?” of this privacy policy.
We disclose personal information to third parties for business purposes as described above under the section titled “With whom do we share personal data?”.
In the preceding twelve (12) months, We have disclosed the following categories of personal information for business purposes:
- Identifiers;
- Personal information categories listed in the California Customer Records statute;
- Internet or other similar network activity;
- Inferences;
- Geolocation data.
In the preceding twelve (12) months, We have not sold personal information.
Your rights as a California Resident
If you are a California resident, you are entitled to the following specific rights under the CCPA regarding personal information related to you:
- Access to specific information and data portability rights you have the right to request that we will disclose certain information to you about our collection and use of personal information related to you over the past 12 months. Upon verification of your request, we will disclose to you:
- The categories of personal information we collected about you;
- The categories of sources for the personal information we collected about you;
- Our business or commercial purpose for collecting that personal information;
- The categories of personal information that we disclosed for a business purpose, and the categories of third parties with whom we disclosed that particular category of personal information;
- The specific pieces of personal information that we collected about you;
- If we disclose personal information related to you for a business purpose, we will provide you with a list that will identify the personal information categories that each category of recipient obtained.
- Deletion rights you have the right to request that we delete any personal information related to you. Upon confirmation of your request, we will delete (and direct our service providers to delete) personal information related to you from our records, unless an exception applies.
- Non-discrimination – you also have a right not to be discriminated against for exercising your rights under the CCPA.
Exercising Your Rights
To exercise the access, data portability, and deletion rights described above, please submit your request to us by email to: [email protected]:
Only you or a person authorized to act on your behalf may make a request related to personal information related to you. You may also make a verifiable consumer request on behalf of your minor child.
A request for access can be made by you only twice within a 12-month period.
The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with the requested personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use the personal information provided in your request to verify your identity or authority to make the request.
We will do our best to respond to your request within 45 days of its receipt. If we require more time (up to additional 45 days), we will inform you of the reason and extension period in writing. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding receipt of your request.
The response we provide will also explain the reasons we cannot comply with a request, if applicable.
We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will inform you of the reasons for such a decision and provide you with a cost estimate before completing your request.
How Long do We Keep Personal Data Related to You?
We retain different types of personal data for different periods, depending on the purposes for processing the information, our legitimate business purposes as well as pursuant to legal requirements.
We will maintain your contact details, to help us stay in contact with you. At any time, you can contact our DPA at: [email protected] , and request to delete your contact details. Note that we may keep your details without using them unless necessary, and for the necessary period of time, for legal requirements and proceedings.
We will keep aggregated non-identifiable information without limitation, and to the extent reasonable we will delete or de-identify potentially identifiable personal data when we no longer need to process such data.
In any case, as long as you use our website, we will keep information about you, unless the law requires us to delete it, or if we decide to remove it at our discretion, according to the terms of this privacy policy.
Changes to This Policy
This Policy may change from time to time. If the updates have minor if any consequences, they will take effect 7 days after we post changes on this page, or after we send you the notice through email. Significant changes will be effective 30 days after we initially posted our notice. Each version of this policy will be identified at the top of the page by its effective date, and we will also keep prior versions of this policy in an archive for your review.
Until the new policy takes effect, you can choose not to accept it and terminate your use of our website. Continuing to use our website after the new privacy policy takes effect means that you agree to the new privacy policy. Note that if we need to adapt the privacy policy to legal requirements, the new privacy policy will become effective immediately or as required.
Contacting Us, Questions and Complaints
Questions, comments, requests or complaints concerning this privacy notice and the way we process personal data related to you are welcomed and can be addressed to our DPO at [email protected] .
Global-e UK acts as our UK representative and can be contacted at [email protected].
In addition, you may contact our European representative, RICKERT Rechtsanwaltsgesellschaft m.b.H. Kaiserplatz 7 – 9, 53113 Bonn, Germany. Telephone No: 0049 228 74 898 0 Email: [email protected]
If you have a complaint about the way we handle personal data related to you, you also have the right to address this with the data protection authority of the country in which you live or work or the country in which we are located.
Last update: January 2021