PricingPressCareersAbout
Privacy Policy
Last Updated : November 2020
About this Privacy Policy
CashShield Pte Ltd ("CashShield", "SHIELD", "we", "us", "our Company") provides Merchants ("Merchants") with a system ("System", "SHIELD System") that prevents fraudulent activities in digital ecosystems, including mobile apps and e-commerce platforms ("Merchant’s Platforms"). Merchants integrate the SHIELD system so when users ("User", "you") conduct activities in Merchant's Platforms, the SHIELD System can filter out fraudulent activities performed at the Merchant’s Platforms in the form of fraudulent online transactions, fraudulent payments and withdrawals, unauthorised login, hostile account access and fraudulent registration of accounts among others ("Services", "SHIELD Services").

This Privacy Policy describes how SHIELD collects, uses and stores information that is required to fulfil the purpose of preventing fraudulent activities in digital ecosystems. You are requested to read this Policy to learn how we collect, use and store that information when you:
  • Perform activities in Merchant’s Platforms ("SHIELD System Privacy Policy")
  • Interact with our website ("SHIELD Website Privacy Policy")
  • Apply for a job position at CashShield Pte Ltd Singapore or any of its subsidiaries worldwide ("SHIELD Human Resources Privacy Policy").
DEFINITIONS
  • "Contract" means the performance by User of the activities offered by Merchants within Merchant’s Platforms
  • "EEA" means the European Economic Area.
  • "European Data Protection Legislation" means the GDPR and other data protection laws of the EU, its Member States, Switzerland, Iceland, Liechtenstein, Norway and the United Kingdom, in each case, applicable to the processing of Personal Data under the Agreement.
  • "GDPR" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
  • "Merchants" refers to companies that own and operate any e-commerce platform and/or mobile app that makes use of SHIELD Services and proprietary technology to detect fraudulent activities in their digital ecosystems and to make online services at their platforms smoother and safer.
  • "Merchant Platforms" refers to any digital ecosystems, including e-commerce platform and/or mobile app that make use of SHIELD Services and proprietary technology to detect fraudulent activities.
  • "Online Activity" refers to any online transaction and other online activities such as but not limited to account creation and registration, account log in, account activity, payment, transfer of funds, funds withdrawal and similar as included in the Merchant’s Platforms.
  • "Personal Data" refers to non-sensitive data from User’s device, User’s passive behaviour in Merchant’s Platforms, shopping cart and payment information sent by Merchant to SHIELD with User’s consent to fulfil the purpose of fraud prevention in the performance of the contract between User and Merchant.
  • "SHIELD Services" means the real-time screening and the automated generation of a risk score and a decision on the potential fraud in activities happening in digital ecosystems of Merchants within the SHIELD system, performed through SHIELD’s proprietary technology.
  • "SHIELD System" means the proprietary technology fully developed and owned by CashShield Pte Ltd that provides with the SHIELD Services to fulfil the purpose of detecting fraudulent activities and events in digital ecosystems of Merchants.
  • "Subprocessors" means third parties authorised by SHIELD and by Merchant to fulfil the purpose of fraud prevention in the performance of the contract between User and Merchant.
  • "User" means any individual who lands on Merchant’s e-commerce platforms or mobile apps to conduct a contract with Merchant under the form of online transaction or any other online activity on Merchant’s digital ecosystem.
Unless otherwise stated, the terms “data subject”, “processing”, “controller”, “processor” and “supervisory authority” as used in this Policy have the meanings given in the GDPR. If you wish to know more about the EU General Data Protection Regulation, please consult EU GDPR.ORG
SHIELD Services Privacy Policy
Please note that the Privacy Policy described below only applies to the collection, use and storage of your data for the performance of SHIELD Services. Kindly refer to the Privacy Policy provided by the Merchant to understand how the Merchants collect, use and store your information for purposes other than fraud prevention as outlined in this Policy.
WHAT DATA DO WE COLLECT?
The data outlined below is not aimed at personally identifying a User, but at detecting and grouping passive behaviour patterns that may be fraudulent.

Passive Biometric Data. We collect information about your passive behaviour in Merchant’s Platforms, for example how your cursor moves, the amount of words per minute you type on the e-commerce platform/mobile app, the number of mouse clicks, the number and pressure of finger swipes.

Device Information. This includes browser information, operating systems and connection attributes of the device you use to connect to Merchant’s e-commerce platform or mobile app. Other than the permissions granted by User to the Merchant, SHIELD does not request additional permissions from the User to perform the purpose of detecting fraud in Merchant’s Platforms.

Shopping Cart Information. We may collect information that you submit on Merchant’s Platforms, such as the amount, description and price of items that you buy, and shipping information, which may include your name, shipping address and e-mail address.

User Information. We may collect information of your current and past activity at the Merchant’s Platform such as the number of previous orders, the number of times you interact with Merchant’s Platform and basic information about your Customer Account at Merchant’s Platform should you have one.

Payment Information. We may collect basic payment information that you submit on Merchant’s Platforms to perform a payment online, such as the type of payment method that you choose on Merchant’s Platform, and basic billing information. SHIELD does not collect your full credit card number, should you choose this method to perform the payment online.

Geolocation Information. Provided you have given Merchant permission on the Merchant’s Platform, we collect your geo-location. Should you be using the Merchant’s e-commerce platform, we will collect an approximate of your geolocation based on your IP Address.

Aggregated Data. We may verify the data outline above using third-party online resources such as search engines, social networks and mapping services, which are all available to the general public.

Cookies. The Merchant website assigns a small piece of information to your browser whenever you interact with the Merchant’s Platform. This small piece of information is called a “cookie”. When a User browses the Merchant’s Platform, Merchant may send us the “session cookie” to help us enhance the accuracy of fraud detection. This “session cookie” will be deleted once the User closes its browsing session.

If you are a data subject in the EEA, you will be able to disable the cookies from the small pop- out window that appears on your screen every time you browse the Merchant’s Platform. If you are an individual outside the EEA, you can make use of your browser and device settings to modify the cookies’ policies.

Special Categories of Personal Data. SHIELD does not collect information that may be classified as Special Category under Article 9 of GDPR.
HOW DO WE COLLECT THE DATA?
The data outlined above is collected in the following cases:
  • When User interacts with Merchant’s Platforms, granting consent for this information to be collected as per Merchant’s own Privacy Policy to perform the contract between User and Merchant.
  • When User conducts a payment online or performs Online Activity at Merchant’s Platforms, granting consent for this information to be collected as per Merchant’s own Privacy Policy and Terms and Conditions.
  • When information was made available by user on publicly available platforms, such as search engines, granting consent for this information to be available as per the platform’s own Privacy Policy.
STORING DATA AS A PROCESSOR & SUBPROCESSOR
SHIELD may at its sole discretion and with the approval of Merchants choose a subprocessor to store the data collected. SHIELD ensures that subprocessors treats data and ensures its security and integrity with the same standards as SHIELD, and that subprocessor complies with all data protection policies, including EU GDPR.

SHIELD has assigned the following companies as subprocessors, for the sole purpose of data storage:
AUTOMATED INDIVIDUAL DECISION-MAKING
In accordance with Article 22 of the GDPR, the automated generation of a decision on the potential fraud included in the SHIELD Services:

(a) is necessary for entering into, or performance of, a contract between You (the Data Subject) and the Merchant (the Data Controller);
(b) is authorised by Union or Member State law to which the Merchant (the Data Controller) is subject and which also lays down suitable measures to safeguard your (the Data Subject's) rights and freedoms and legitimate interests; and
(c) is based on your (the Data Subject's) explicit consent

It is the Merchants’ (the Data Controller) own discretion to follow SHIELD’s automated risk score and decision on the potential fraud in the Online Activities.
DATA SHARING, DATA RETENTION AND TRANSFER OF DATA TO THIRD COUNTRIES
Sharing Data
Unless required by Supervisory Authorities or to comply with proceedings by legal authorities, SHIELD does not share, rent or sell your information to any third-parties, including the anonymised information on fraudulent patterns that we may collect from performing the Services.

Retaining Data
SHIELD retains data collected for as long as needed to provide the outlined purpose in this Privacy in fully compliance with applicable regulations. Should the current legislation grant you the right to delete your data and should you exercise it, please note that we may retain certain information required by law or by compliance with the online payments industry, even if the rest of your information is deleted. The deletion of your data in SHIELD System may interfere with SHIELD’s ability of detecting fraud in your subsequent online activities at Merchant’s Platforms. Please send your questions regarding the rights over your data granted by your country’s data protection policy to legal@shield.com. In such case, we may request you to provide us with additional personal data for the purpose of verifying your identity.

Transfer of Data to Third Countries
SHIELD may transfer and process your information outside of your country of residence, including Singapore, the United States or any of the Member States of the European Union. We always ensure that adequate level of data protection is granted in all cases, by implementing legally approved mechanisms to allow for such data transfer. Some of these mechanisms include the EU Special Contractual Clauses under EU GDPR, those observed under EU-U.S. Privacy Shield and those observed under Singapore’s Personal Data Protection Act (PDPA) 2012, among others.
DATA SECURITY SAFEGUARDS
SHIELD goes to great lengths to maintain the adequate levels of data protection during collection, transfer and storage. Data collected is processed as either binary format or as a secret hash key over its transfer between Merchant Platforms and SHIELD System at the time of transfer. Our security safeguards include but are not limited to audit and risk assessments, periodic reviews, access controls to both physical and cloud data centres, network security controls, and vulnerability and penetration tests.If you believe that the privacy of your data with SHIELD may have been tampered or subject to unauthorised access, please contact us immediately at legal@shield.com.
DATA RIGHTS: GDPR AND DATA SUBJECTS IN THE EU
Individuals living in the European Union ("Data Subjects") should be aware of the following aspects compiled under the EU GDPR:
SHIELD acts as a data processor and has legitimate reasons to collect the data described above, in order to provide the fraud prevention Services. SHIELD assumes that you grant your consent to Merchants in our System to collect and process the data as described above to perform the contract (Online Activities) between you and Merchant at Merchant’s Platform.
It is the Merchants’ own discretion to follow SHIELD’s automated risk score and decision on the potential fraud in the Online Activities. Users can address to Merchants any questions about the automated decisions of Users’ Online Activities on Merchant’s Platform.

Data Subjects are granted the right to access, modify and delete their data. Should you choose to exercise any of these rights, particularly the right to deletion (“right to be forgotten”), please note that we may retain certain information required by law or by compliance with the online payments industry, even if the rest of your information is deleted. The deletion of your data in SHIELD System may interfere with SHIELD’s ability of detecting fraud in your subsequent online activities at Merchant’s Platforms. Please send your questions regarding the rights over your data granted by the GDPR to legal@shield.com. In such case, we may request you to provide us with additional personal data for the purpose of verifying your identity.

Additionally, Users in the EU are informed of their right to file an official complaint at the corresponding Supervisory Authority, duly appointed by their Member State.
DATA RIGHTS: INDIVIDUALS OUTSIDE THE EU
Users outside the EU are encouraged to review the best practices recommended by the Data Protection Authorities in the countries of residence. If you, as a User, believe that the privacy of your data with SHIELD may have been tampered or subject to unauthorised access, please contact us immediately at legal@shield.com. In such case, we may request you to provide us with additional personal data for the purpose of verifying your identity.
SUPERVISORY AUTHORITY
CashShield Pte Ltd HQ – Supervisory Authority in Singapore
Personal Data Protection Commission

CashShield Pte Ltd Berlin Dependant Branch – Supervisory Authority in Germany
Berliner Beauftragte für Datenschutz und Informationsfreiheit
CONTACT SHIELD
For users in the EEA: CashShield Pte Ltd, Friedrichstraβe 206, 10969 Berlin Germany
For users outside the EEA: CashShield Pte Ltd, 1 Fifth Ave, #03-14 Guthrie House, Singapore 268802
SHIELD Website Privacy Policy
We take your privacy seriously and want to ensure the highest standards for data security. Please note that the Privacy Policy described below only applies to the collection and use of your data at www.shield.com, a domain fully owned by CashShield Pte Ltd Singapore.

We collect non-personal information that does not identify you as an individual user because it helps us deliver a superior level of customer service, improve the content at our website, give users convenient access to our products and services and focus on categories of greatest interest to you. Non-personal specific information may be used to market directly to that profile subject to requirements of applicable law. This non-personal specific information may be shared with third parties. Unless required by Supervisory Authorities or to comply with proceedings by legal authorities, SHIELD does not share, rent or sell your information to any third-parties.

Non-personal information collected may be stored in our database and will be used in accordance with applicable regulation.
WHAT DATA DO WE COLLECT?
Browsing and Navigation Data. We collect information about your behaviour in our website that may include but it is not limited to number of pages visited, time spent on each page, landing page and source page, IP Address and country of connection, language and browser information.

Personal Information. Should you make use of either the Contact Us form or Enquiry Email available at our website, we may collect information such as Name, Company, E-Mail Address, Website and Telephone Number.
HOW DO WE COLLECT THE DATA?
The data outlined above is collected when User interacts with our website. We assume you have read and agreed this Privacy Policy when navigating our website.

Cookies. The website sends a small piece of information called a cookie while you are browsing which will be stored on your hard drive and that contains information about your browsing behaviour. SHIELD uses cookies to enhance your user experience, improve our service and monitor the use of our site.

If you are a data subject in the EEA, you will be able to disable the cookies from the small pop- out window that appears on your screen every time you browse our Website. If you are an individual outside the EEA, you can make use of your browser and device settings to modify the cookies’ policies.
DATA STORAGE, SHARING, RETENTION AND TRANSFER TO THIRD COUNTRIES
Data collected from visitors to our website (“Users”) is neither shared not transferred to any third countries.

Subscription to our E-newsletter
Should you receive our E-newsletter without having subscribed to it, you are kindly asked to make use of the Opt Out/Unsubscribe option at the bottom of the bulletin to delete your information, including your e-mail address from our recipient’s list.
DATA SECURITY SAFEGUARDS
SHIELD goes to great lengths to maintain the adequate levels of data protection during collection, transfer and storage. Our security safeguards include but are not limited to audit and risk assessments, periodic reviews, access controls to both physical and cloud data centres, network security controls, and vulnerability and penetration tests.

If you believe that the privacy of your data with SHIELD may have been tampered or subject to unauthorised access, please contact us immediately at legal@shield.com. In such case, we may request you to provide us with additional personal data for the purpose of verifying your identity.
CHANGES AND UPDATES TO OUR WEBSITE PRIVACY POLICY
We reserve the right to change and update this Website Privacy Policy, therefore you are kindly asked to check it on a regular basis. The use of the SHIELD Website after a change or an update has been made means that you agree with such change or update.

Consent and Ensuring Data Subject Rights
By browsing our Website or by making use of our e-mail addresses and inquiry form, you agree to this Website Privacy Policy. Should you wish to exercise the Data Subject rights granted to you (access, modify, delete) the information, you may contact us to legal@shield.com. In such case, we may request you to provide us with additional personal data for the purpose of verifying your identity.
CONTACT SHIELD
For users in the EEA: CashShield Pte Ltd, Friedrichstraβe 206, 10969 Berlin Germany
For users outside the EEA: CashShield Pte Ltd, 1 Fifth Ave, #03-14 Guthrie House, Singapore 268802
SHIELD Human Resources Privacy Policy
Please note that the Privacy Policy described below only applies to the collection and use of your data when you (“Candidate”) apply for an open position (“Job”) at CashShield Pte Ltd or any of its subsidiaries.

We collect your information because we want to assess your suitability as a candidate for the job opening.
WHAT DATA DO WE COLLECT?
For Candidates to Job Positions at SHIELD offices outside Singapore. We may request you to send us your complete CV, including academic background, employment history, link to professional online network online such as LinkedIn, Xing or equivalent in the market where the job position is open, and basic contact information, including your Name, E-Mail and Telephone Number.

For Candidates to Job Positions at SHIELD office in Singapore. We may request you to send us your complete CV, including academic background and records, employment history, references, link your professional online network online such as LinkedIn, NRIC/passport number, Visa information and Visa eligibility (for non-Singaporean citizens or non-Permanent Residents), and basic contact information, including your Name, E-Mail, Address and Telephone Number.

Candidates Referred to Job Positions by Recruiting Agencies and Job or Professional Online Platforms. SHIELD shall not be liable for the security in the collection, process and storage of the data collected by any appointed Recruiting Agency and Job or Professional Online Platforms. Candidates are encouraged to review and agree to the Data Privacy Policy of the Recruiting Agency and Job or Professional Online Platforms before submitting applications.
HOW DO WE COLLECT THE DATA?
The data outlined above is collected when Candidate sends his/her job application to SHIELD’s dedicated e-mail address. We assume you have read and agreed this Privacy Policy when submitting your job application.
DATA STORAGE, SHARING, RETENTION AND TRANSFER TO THIRD COUNTRIES
Data collected from job applicants (“Candidates”) is neither shared not transferred to any third countries. SHIELD does not share, rent or sell your data to any third party, neither does it use your personal information for purposes other than the one outline above.
DATA SECURITY SAFEGUARDS
SHIELD goes to great lengths to maintain the adequate levels of data protection during collection, transfer and storage. Our security safeguards include but are not limited to audit and risk assessments, periodic reviews, access controls to both physical and cloud data centres, network security controls, and vulnerability and penetration tests.

If you believe that the privacy of your data with SHIELD may have been tampered or subject to unauthorised access, please contact us immediately at legal@shield.com. In such case, we may request you to provide us with additional personal data for the purpose of verifying your identity.
CHANGES AND UPDATES TO OUR WEBSITE PRIVACY POLICY
We reserve the right to change and update this SHIELD Human Resources Privacy Policy, therefore you are kindly asked to check it on a regular basis. Applying for a position at SHIELD after a change or an update has been made means that you agree with such change or update.

Consent and Ensuring Data Subject Rights
By applying to positions at SHIELD, you agree to this SHIELD Human Resources Privacy Policy. Should you wish to exercise the Data Subject rights granted to you (access, modify, delete) the information, you may contact us to legal@shield.com. In such case, we may request you to provide us with additional personal data for the purpose of verifying your identity.
CONTACT SHIELD
For users in the EEA: CashShield Pte Ltd, Friedrichstraβe 206, 10969 Berlin Germany
For users outside the EEA: CashShield Pte Ltd, 1 Fifth Ave, #03-14 Guthrie House, Singapore 268802