Unless otherwise defined herein, terms in this Agreement shall have the same meanings as those in agreements related to E-Commerce Services. The terms herein are defined as below:

14.1 E-Commerce Services/This Servicerefers to the SaaS website construction services, including but not limited to online store construction, backend system management, construction of cloud-based sales point management systems, Customer management system construction, and platform maintenance.

14.2 E-Commerce Storerefers to an e-commerce platform built by you using E-commerce Services to sell products or services to your customers.

14.3 Effective Daterefers to the time of merchant purchase order of SaaS service becomes effective. Huawei Cloud Contracting Party refers to the following (for purposes of clarity, the Huawei Cloud Contracting Party will be the Huawei Cloud entity associated with the country or region in which you are registered as per the below table):

14.4 Governing Law and Corresponding Courtrefers to the following and is dependent on the Huawei Cloud Contracting Party as per Section 14.3 above:

14.5 Solution Pricing refers to the prices of E-Commerce Services we provide.

14.6 Service Period refers to the validity period of the package you purchase. The package validity period is not equal to the contract period.

14.7 Customer refers to a user who purchases your products on your E-Commerce Store or an end consumer of your products.

14.8 Days refer to calendar days, including weekends, bank holidays, and public holidays.

14.9 Person refers to any natural or legal person, including any individual, limited liability company, corporation, partnership, association, limited stock company, trust, unincorporated body, government agency, or other entity of a similar nature.

14.10 Package refers to a service package that contains the service content with related fees displayed in the solution pricing.

14.11 Package Fee refers to the fee that you pay when purchasing a package.

1.About This Agreement

1.1 The Parties

This Data Processing Agreement is entered into as of the Effective Date of Huawei Cloud E-Commerce SaaS Service User Agreement (contract number: [ ], hereinafter referred to as Master Agreement) by and between Huawei Cloud and you (hereinafter referred to as “Seller”) who purchases and uses Huawei Cloud’s E-commerce Services to power your E-Commerce Store. This Agreement is an integral part of the Master Agreement). Matters not covered in this Agreement shall be subject to the Master Agreement.

The Seller (as the Personal Information Controller) needs to entrust Huawei Cloud (as the Personal Information Processor) to process the Personal Information. Upon friendly negotiation based on the principles of equality and voluntariness, Seller and Huawei Cloud have reached the following agreements to specify rights and obligations of both Parties concerning data processing and data safeguards and security.

2.Definitions

Unless otherwise agreed by both Parties, the terms used in this Agreement are defined as follows. Other terms not defined in this Agreement shall be subject to the Master Agreement.

2.1 Personal Information refers to any information relating to an identified or identifiable natural person (a data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, identification number, location data, online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. In this Agreement, Personal Information is s any personal data provided by Seller or collected or processed by Huawei Cloud on behalf of Seller in connection with services provided to Seller in the Master Agreement and other personal data processed under Seller’s instructions, for the purpose of fulfilling the Master Agreement, including but not limited to End-Users’ basic account information (e.g. usernames, passwords, and email addresses), including End-Users’ basic account information (e.g. usernames, passwords, and email addresses), End-Users’ business and contact information, billing addresses, shipping addresses, order information, coupon information, and express delivery information, End User’s records(e.g. click records, search records, browsing records, exposure records, shopping cart records, search keywords, purchase records) and page stay duration and Seller’s E-commerce Store administrator’s basic account information(e.g. usernames, passwords, names, and email addresses).

2.2 Personal Information Subject refers to a data subject defined in the Privacy Laws of the applicable country or region, including a natural person whose identity has been confirmed or can be determined. An identifiable natural person is an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, ID number, and online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of the natural person.

2.3 Personal Information Controller refers to a personal information controller defined in the Privacy Laws of the applicable country or region. The controller is an organization or individual that independently determines the processing purpose and method of personal information. In this Agreement, the Personal Information Controller is the Seller.

2.4 Personal Information Processor refers to a personal information processor defined in the Privacy Laws of the applicable country or region. The processor is an individual who is appointed by the Personal Information Controller to process the Personal Information. In this Agreement, the Personal Information Processor is Huawei Cloud.

2.5 Personal Information Breach refers to the breach of personal information defined in the Privacy Laws of the applicable country or region, including but not limited to accidental or illegal destruction, loss, change, or unauthorized disclosure, access to personal information, transmission, storage, or other processing of Personal Information.

2.6 Privacy Laws refers to any applicable laws and/or regulations that relate to the security and protection of personal data, any laws and regulations implementing or made under them, any amendment, update or re-enactment of them, including but not limited to the applicable privacy protection laws of the countries or regions where the Seller, Huawei Cloud and End-User are located(e.g. The Personal Data Protection Ordinance in Hong Kong, the Personal Data Protection Act in Singapore, the Personal Data Protection Act in Thailand, the Personal Data Protection Act in the Philippines, and the respective laws on personal data protection in Indonesia).

2.7 Regulatory Bodies refers to government agencies, regulators, statutory bodies, and any other bodies who are entitled to regulate, investigate, or affect matters about data security, Personal Information, and privacy protection in accordance with laws, administrative regulations, or regulatory documents.

2.8 Other Entrusted Parties refer to organizations or individuals introduced by Huawei Cloud to process Customer' Personal Information on behalf of Huawei Cloud. In this Agreement, Other Entrusted Parties are organizations or individuals listed in the appendix List of Other Entrusted Parties.

2.9 Data Importer refers to the data importer defined in the Privacy Laws of the applicable country or region. Generally, the Data Importer refers to the organization who agrees to receive in a country or territory outside the country or region where the Seller’s E-commerce Store administrator or End-User is located. The Personal Information transferred to it by or on behalf of the Data Exporter for processing in accordance with the terms of theses clauses.

2.10 End User refers to a Customer defined in the Master Agreement.

3.Data Processing Description

The details of Personal Information that may be processed by Huawei Cloud on the instruction of the Seller are set out below.

Personal Information Subjects: End Users, employees and partners of the Seller, and other personnel designated by the Seller.

Categories of Data

Disclosure to Third Parties: To provide the Seller with E-commerce Services under this Agreement, Huawei Cloud will disclose End Users' Personal Information to third parties in the following scenarios:

Scenario 1: Mailbox service. Huawei Cloud, as the Personal Information Processor, discloses data to Alibaba Cloud Computing Co., Ltd. (the data is stored in Singapore) to provide the mailbox service.

Scenario 2: Logistics query. Huawei Cloud, as the Personal Information Processor, discloses data to Demon Network Tech Co., Ltd. in Shenzhen, China to provide the logistics query service.

Scenario 3: Payment service. Huawei Cloud, as the Personal Information Processor, discloses data to Shenzhen Ocean Payment Technology Co., Ltd. (the data is stored in Singapore) to provide the payment service.

Scenario 4: Huawei Cloud, as the Personal Information Processor, discloses the data to Huawei International Pte. Ltd. in Singapore. Huawei International Pte Ltd., as the data sub-processor, provides secondary data processing services under this Agreement.

4.Terms and Conditions

The following terms and conditions shall apply with respect to the processing of all Personal Information:

4.1 Data Processing Principles

The Seller agrees and ensures that they have the right to instruct and entrust Huawei Cloud and Other Entrusted Parties to process the Personal Information. Huawei Cloud shall process the Personal Information in accordance with this Agreement and the instructions of the Seller, and shall not exceed the purposes, methods, and scopes specified in this Agreement. If Huawei Cloud considers that the Seller's instructions violate applicable Privacy Laws, Huawei Cloud shall notify the Seller immediately. Huawei Cloud shall fully support the Seller in protecting End Users' rights, such as access, modification, and deletion.

To the extent that Huawei Cloud collect, process, use and/or transfer the Seller and the End User’s personal information for the purpose of providing E-Commerce Services to the Seller (including but not limited to accessing the End User’s personal information, transferring the End User’s personal information to other third parties or out of the country where the End User resides in), the Seller shall consent to and authorize Huawei Cloud to perform such data processing and/or transfer. Without limiting the foregoing, the Seller represent, warrant and undertake that, at the time of each such transfer and throughout the duration that Huawei Cloud processes such data, the Seller have provided all necessary notifications and obtained all necessary consents and authorizations for such processing and/or transfer of data by us as required under applicable Privacy Law and this Agreement. Such notifications and consents shall be provided and obtained by the Seller at its sole expense.

4.2 Personal Information Transfer

The Seller agrees and confirms that Huawei Cloud can transfer the Personal Information to Other Entrusted Parties and store the data in Singapore based on the E-Commerce Services provided for the Seller.

The Seller agrees and confirms that Huawei Cloud can transfer the Personal Information to China based on the E-Commerce Services provided for the Seller and End Users.

More details on the cross-board transfer from Huawei Cloud to other third parties are set out in the Appendix 2 Data Transfer Agreement.

4.3 Appointment and Conduct of Other Entrusted Parties

The Seller agrees that Huawei Cloud can authorize Other Entrusted Parties listed in Appendix 1 to provide the data processing services under this Agreement for the Seller and End Users. If Huawei Cloud needs to authorize a new Other Entrusted Party other than those listed in Appendix 1, before providing the new Other Entrusted Party with the permission to access the Personal Information, Huawei Cloud shall notify the Seller of the new Other Entrusted Party list at least three (3) months in advance and the Seller shall transfer such list to the End Users and obtain the new authorization from End Users to process their personal data. If End Users do not accept the new Other Entrusted Party, End Users can terminate the E-commerce Services of the Seller powered by Huawei Cloud within such 3-month notice period. Huawei Cloud shall transfer the requirements of the Seller to Other Entrusted Parties and ensure that Other Entrusted Parties fulfill the Entrusted Party's obligations of Huawei Cloud as specified in this Agreement.

4.4 Assistance for Responses to Requests and Queries

Huawei Cloud shall take appropriate measures in a timely manner to assist the Seller in responding to End Users' requirements for accessing, modifying, transferring, deleting, and destroying the Personal Information.

If Huawei Cloud receives any query, request, or complaint about the Personal Information from an End User, including but not limited to access, correction, deletion, and all similar requirements, Huawei Cloud will transfer such request to the Seller or notify the End User of making a request directly to the Seller, and the Seller shall be responsible for responding to any such request directly.

If Huawei Cloud receives any judicial or administrative order, request, search warrant, subpoena, or any other document required by government authorities to obtain or disclose personal information, Huawei Cloud shall notify the Seller in a timely manner to the extent permitted by law.

4.5 Return/Destruction of the Personal Information

Save for any instructions to the contrary and unless provide otherwise under the applicable Privacy Laws, at the termination or expiration of Master Agreement, or when requested to do so by Seller, Huawei Cloud shall hand over to Seller the Personal Information, and shall erase or destroy related data in accordance with the requirements of Seller and as soon as Huawei Cloud’s obligations under Master Agreement have been performed.

4.6 Emergency Response

Once Huawei Cloud finds that the Personal Information it processes may be or has been disclosed, Huawei Cloud shall send a written notice to the Seller in a timely manner to fulfill its obligation to notify Regulatory Bodies and End Users according to applicable Privacy Laws. Such a notice shall at least contain the following content: a) Details about the impact of the Personal Information Breach, including but not limited to the nature of the Personal Information Breach, the type and number of related End Users, and related processing records of the Personal Information. b) Possible risks and consequences of the Personal Information Breach. c) Measures taken or suggestions provided by Huawei Cloud to handle the Personal Information Breach.

Huawei Cloud shall keep any records related to known or suspicious Personal Information Breach and provide such records to the Seller as required.

In addition to the above situations, Huawei Cloud has the right to fulfill the obligations of the Personal Information Processor regarding Personal Information Breach according to applicable Privacy Laws or requirements of Regulatory Bodies.

4.7 Information Assistance

Huawei Cloud shall provide the Seller with all necessary information that can prove its compliance with the obligations specified in this Agreement and the Privacy Laws.

5.Indemnity

If the Seller violates the Privacy Laws, this Agreement, or causes any infringement to Personal Information Subjects, the Seller shall assume the infringement liability such as indemnity. Seller will indemnify and keep indemnified and defend at its own expense Huawei Cloud against all costs, claims, damages, expenses, or proceedings which Huawei Cloud may incur as a result of a breach of Seller of its obligations herein. In case Huawei Cloud has suffered loss, cost and/or damage, or has to pay any penalty or compensation according to applicable Privacy Laws due to Seller’s breach, Seller shall reimburse Huawei Cloud for all that loss, cost and damages. Notwithstanding anything to the contrary, Huawei Cloud's maximum aggregate liability in respect of any loss, damage, fines, liability, charge, proceeding, expense, outgoing, or cost of any nature or kind incurred by Huawei Cloud or Other Entrusted Parties arising from this Agreement (including the Website Agreements and appendixes of this Agreement), whether in contract, misrepresentation (whether tortious or statutory), tort (including negligence), and breach of statutory duty or otherwise, shall not exceed the total amount paid by the Seller under the Master Agreement for E-Commerce Services that give rise to the claim during the twelve (12) months immediately prior to the event giving rise to such liability. In no event shall Huawei Cloud be liable for any indirect or consequential losses or damage, or any loss of revenues, profits, opportunities, customers, or damage to goodwill or reputation, arising from or in connection with this Agreement.

6.Miscellaneous

6.1 Entire Agreement

This Agreement constitutes the entire agreement about related subject matters agreed by both parties, and it supersedes any and all discussions, agreements, and expressions between the parties, oral or written, implied or expressed.

6.2 Severability

In case any provision in this Agreement shall be invalid in any jurisdiction, the rights and obligations of both Parties in this Agreement and the enforceability of the remaining provisions shall not in any way be affected thereby. If a provision is determined to be invalid, the Parties shall negotiate in good faith to replace it with a provision which is as close as possible to the original provision.

6.3 Term and Termination

This Agreement shall take effect as of the Effective Date and remain in force unless (1) the Master Agreement is terminated; (2) both Parties agree to terminate this Agreement in writing; or (3) both Parties enter into a new agreement on data processing to replace this Agreement.

6.4 Signing

This Agreement is executed in [two] counterparts that have the same legal force. Either party holds [one] counterpart.

6.5 Conflict of Terms

In the event of any conflict between the terms of Master Agreement and this Agreement, the terms in this Agreement shall prevail.

The Seller’s liability under this Agreement (including under clause 5 above) forms part of the Seller’s liability under the Master Agreement.

Unsettled matters in this Agreement could refer to Master Agreement.

The Seller (Personal Information Controller) and Huawei Cloud (Personal Information Processor) have reached the following agreements on the transfer of Personal Information that the Seller entrusts Huawei Cloud to process in accordance with the Data Processing Agreement:

1. Description of Data Transfer

(a) Data Exporter: Seller;

(b) Data Importer: Huawei Cloud;

(c) Personal Information Subjects: The Personal Information transferred concern the following categories of Personal Information Subjects: End Users/Seller’s E-commerce Store administrator.

(d) Categories of Data

(e) Recipients

Sub-processors introduced by the Data Importer.

(f) Processing operations

On behalf of Data Exporter, Data Importer process Personal Information for the purpose of:

● To provide E-Commerce Services for Data Exporter so that Data Exporter could operate and manage its E-commerce Store smoothly;

● To provide the End User’s logistics query services and other value-added services (intelligent recommendation, intelligent search, and multi-dimensional statistics);

(g) Location of the Servers

[Singapore]

2. Obligations of the Data Exporter

2.1 The Data Exporter (the Seller) warrants and undertakes that:

a. The processing, including the transfer itself, of the Personal Information has been and will continue to be carried out in accordance with the applicable Privacy Laws and does not violate the relevant provisions of applicable Privacy Laws;

b. The Data Exporter has obtained the prior consent of the Personal Information Subject and ensures that the Huawei Cloud can legally and is capable of fulfilling legal obligations under this Agreement, including but not limited to data transfer and data processing services.

c. It has taken reasonable effort to ensure that the Personal Information is accurate and complete before providing the same to the Data Importer;

d. It has instructed and throughout the duration of the Personal Information processing services will instruct Data Importer to process the Personal Information transferred only on behalf of Data Exporter and to abide by applicable Privacy Laws and the Clauses;

e. Upon the request of the Data Importer, the Data Exporter may provide the Data Importer with a copy of any applicable requirements (if relevant) specified in relevant Privacy Laws, references, any consultation, or other guidelines issued to the Data Exporter from time to time by the Regulatory Bodies, excluding legal advice.

f. after an assessment of the requirements of the applicable Privacy Laws, appropriate security measures have been taken to protect Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing, the nature of the data to be protected and the cost of their implementation.

g. It will ensure compliance with the security measures.

h. If End Users or applicable Regulatory Bodies raise an inquiry to the Data Exporter, it shall respond to the inquiry unless both Parties agree that the Data Importer shall make such response.

i. It shall comply with all obligations and responsibilities specified in applicable Privacy Laws.

3. Obligations of the Data Importer

3.1 The Data Importer warrants and undertakes that:

a. to process the Personal Information only on behalf of Data Exporter and in compliance with the instructions of Data Exporter and this Agreement; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly Data Exporter of its inability to comply, in which case Data Exporter is entitled to suspend the transfer of data and/or terminate this Agreement.

b. It has no reason to believe that the applicable Privacy Laws or such other laws prevents it from fulfilling the instructions received from Data Exporter and its obligations under this Agreement and that in the event that it becomes aware of a change in the applicable Privacy Laws or such other laws which is likely to have a substantial adverse effect on the warranties and obligations provided under the Clauses, it will promptly notify the change to Data Exporter as soon as it is aware, in which case Data Exporter is entitled to suspend the transfer of data and/or terminate this Agreement.

c. It shall develop appropriate technical and organizational measures to provide protection a standard of protection that is comparable to the protection required by the applicable Privacy Laws and any requirements set out in any advisory or other guidelines issued from time to time by Regulatory Bodies, to the Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and which provide a level of security appropriate to the risk represented by the processing and the nature of the data to be protected.

d. It will promptly notify Data Exporter about any accidental or unauthorized access; and any request received directly from the Personal Information Subjects without responding to that request, unless it has been otherwise authorized to do so.

e. It shall develop procedures so that any third party that they authorize access to Personal Information, including Other Entrusted Parties, shall respect and maintain the confidentiality and security of Personal Information. Any person authorized by the Data Importer, including Other Entrusted Parties, is obliged to process Personal Information only according to the instructions of the Data Importer. This provision does not apply to persons authorized or required by law or regulation to have access to Personal Information.

f. It shall process Personal Information in accordance with the purposes set forth in Clause 1 of this Agreement and have the legal right to provide assurances and fulfill the commitments set forth in this Clause.

g. It shall promptly and properly deal with all inquiries from Data Exporter relating to its processing of the Personal Information Subject to the transfer and to abide by the advice of the Regulatory Bodies, with regard to the processing of the data transferred.

h. at the reasonable request of Data Exporter, to submit its data processing facilities, data files, and file review, and/or certification required for data processing covered by this Agreement to determine whether it complies with the warranties and undertakings in this Clause.

i. Not to disclose or transfer the Personal Information to any third party or to any place outside [Singapore] unless with prior consent of the Data Exporter on the transfer, except otherwise authorized in clause 1 of this Agreement: Data Transfer Description and: ● The third party processes the Personal Information in accordance with requirements prescribed under the applicable Privacy Laws finding that the third party provides a standard of protection to Personal Information so transferred that is comparable to the protection under the applicable Privacy Laws; and ● Personal Information Subjects have been given the opportunity to object, after having been informed of the purposes of the transfer, the categories of recipients and the fact that the countries to which data is exported may have different data protection standards.

4. Indemnity

Each Party shall be liable to the other Party for damages it causes by any breach of these clauses in this Agreement. Notwithstanding anything to the contrary, Data Importer's maximum aggregate liability in respect of any loss, damage, fines, liability, charge, proceeding, expense, outgoing, or cost of any nature or kind incurred by Data Importer or Other Entrusted Parties arising from this Agreement (including the Website Agreements and appendixes of this Agreement), whether in contract, misrepresentation (whether tortious or statutory), tort (including negligence), and breach of statutory duty or otherwise, shall not exceed the total amount paid by the Data Exporter (Seller) under the Master Agreement for E-Commerce Services that give rise to the claim during the twelve (12) months immediately prior to the event giving rise to such liability. In no event shall Data Importer be liable for any indirect or consequential losses or damage, or any loss of revenues, profits, opportunities, customers, or damage to goodwill or reputation, arising from or in connection with this Agreement.

5. Resolution of Disputes with Personal Information Subjects or Regulatory Bodies

a. In the event of a dispute or claim brought up by a Personal Information Subject or Regulatory Body concerning the processing of Personal Information against a Party or both of the Parties, the Parties will inform each other about any such disputes or claims and will cooperate with a view to settling them amicably in a timely manner.

b. The Parties agree to respond to any generally available non-binding mediation procedure initiated by the Personal Information Subjects or Regulatory Bodies. If they do participate in the proceedings, the Parties may elect to do so remotely (such as by telephone or other electronic means).

6.Variation of Clauses

The Parties shall not modify these clauses of this Data Transfer Agreement except to update any information in Clause 1 (Description of Data Transfer) of this Agreement. This does not preclude the Parties from adding additional clauses upon request and agreement of either Party.

7. Description of the Transfer

The details of transfers and Personal information are provided in Clause 1 (Description of Data Transfer) of this Agreement. The Parties agree that Clause 1 (Description of Data Transfer) of this Agreement may contain confidential business information which they will not be disclosed to third parties, except as required by law or in response to regulatory or a competent government agencies. The Parties may execute additional annexes scenarios to cover additional data transfers. Clause 1 (Description of Data Transfer) of this Agreement may, in the alternative, be drafted to cover multiple transfers.

Huawei Services (Hong Kong) Co. Ltd. understands how important your privacy is to you and fully respects it. Please carefully read this Privacy Statement ("Statement") before you submit your personal data to us. This Statement applies to the Merchants using Huawei Cloud’s Service to power your business and the Merchants’ customers (“Customer”) purchasing from the Merchants’ Huawei Cloud-powered stores. Any personal data of a Customer is collected and processed at the direction of a Merchant who is the data controller and ultimately determines how and why to collect and process a Customer’s personal data. If a Customer has any concern or query on how a Merchant collects and processes your personal data, please visit its privacy policy.

“Services” refers to a series of services provided by Huawei Cloud to the Merchant for assisting it to construct and build a full-function and intelligent e-commerce store. The Services may help Merchant manage commodity, order payment, warehousing logistics, customer service and else on or in connection with its e-commerce store.

This Statement describes how we collect, use and disclose your personal data, as well as our legal bases for processing, and the security measures implemented by us to protect your personal data. It also demonstrates your rights in connection with your personal data, and other related details you need to know before you provide personal data to us. We may inform you of product- or service-specific data collection which is not reflected in this Statement through supplementary policies or notices provided before the relevant collection of your personal data.

We have created this Statement to help you understand:

1. How Huawei Cloud Collects Your Personal Data

2. How Huawei Cloud Processes Your Personal Data

3. How Huawei Cloud Uses Cookie and Similar Technologies

4. How Huawei Cloud Shares Your Personal Data

5. How Huawei Cloud Protects Your Personal Data

6. How Long Huawei Cloud Retains Your Personal Data

7. How to Access and Control Your Personal Data

8. How Huawei Cloud Handles the Personal Data of Children

9. How Your Personal Data Is Transferred Internationally

10. How This Statement Is Updated

11. How A Merchant Contacts Huawei Cloud

1. How Huawei Cloud Collects Your Personal Data

Personal data means any information (whether true or not) relating to an identified or identifiable natural person, including information that can identify an individual when taken in combination with other information to which we have or are likely to have access. We collect personal data from a Merchant for various purposes or a Customer at the Merchant’s request, such as providing you with the Services and maintaining the best operation of the Services. Your interaction with us may include: registering an account with the Huawei Cloud website, subscribing to the Services, completing payment with us, contacting us when experiencing (technical) problems, browsing our Website and configuring your settings for your account.

If you provide us with any personal data relating to a third party (e.g. information of your employees and/or end users), by submitting such information to us, you represent and warrant to us that you have notified such third party of the terms of this Statement, and that such third party has consented to you disclosing his/her personal data to us for the collection, use and disclosure of their personal data by us as described in this Statement.

1.1 Depending on your use of the Services, we collect the following personal data: Merchant's Personal Data

a. Personal data provided through Huawei ID to register user accounts, such as mobile phone number, email address, account name as required for registration. For more information about Huawei ID, please refer to Statement About HUAWEI ID and Privacy

b. Personal data provided when you manage your account information, contact us, use the Services, such as contact information (full name, email and mailing address, mobile phone number), means of identification (passport or other ID information), payment information (such as bank account information including credit card number, expiry date and security code, invoice information), Services and technical support information (such as chat sessions or phone conversations, problem description, and other information you uploaded when you contact us for seeking assistance) and your signature.

c. Personal data provided when you add and manage your e-store administrators, such as mobile phone number, email address, account name and user name. We only collect and use such personal data at the discretion of the Merchant who determines how and why to use the personal data. If any Merchant’s administrators have any concern or query on their personal data collection and use, please contact Merchant directly or visit the Merchant’s privacy policy.

If a Merchant chooses not to provide the data required, you may not be able to use those Services. For example, if you do not register an account on Huawei Cloud website by submitting your personal data, you cannot use the Services.

1.2 Customer's Personal Data

Our Merchants subscribe to and use Services to run their businesses. If you visit or make a purchase from a Merchant’s Huawei Cloud-powered e-store, we at the request of that particular Merchant collect and use the following your personal data to enable them to operate the business. Our Merchants are the data controllers who determine how and why to collect and use your personal data.

a. Personal data provided when you register an account with or log in the Merchant’s e-store, such as user name (first name/last name), email address and password.

b. Personal data provided when you browse the Merchant’s e-store or place an order on the Merchant’s e-store, such as the purchased items, total purchase amounts, transaction result, logistics order number, shipping address, billing address, email address, user name(first name and last name), passcode, mobile number, registration time, billing number, order number, payment order number, browser history, search history, click history, keywords in search history, shopping-cart history, exposure records, dwell time and other browsing information.

2. How Huawei Cloud Processes Your Personal Data

We process (which includes collecting, using and disclosing) your personal data for the following purposes.

2.1 Merchant's Personal Data

a. Creating your Huawei Cloud account to purchase the Services on the Website.

b. Contacting you, and sending you notices related to the provision of the Services.

c. Adding and manage your e-store administrators.

d. Using automated processes to tailor your Services experiences based on various data, including your personal data, and providing you with personalized user experience and content on such basis.

e. Improving the Services through internal audits, data analysis, and research.

f. Analyzing the efficiency of our business operations and evaluating market share.

g. Troubleshooting when you send us error reports.

h. Ensuring the security of the Services and our customers or users, executing and improving our loss prevention and anti-fraud programs.

i. Complying with and enforcing applicable legal or regulatory requirements, or industry standards.

j. Any other purposes which we may separately notify you and obtain your consent for.

2.2 Customer's Personal Data

We process Customers’ personal data as required by the Merchants for providing the Services to them, including:

a. help Customers register accounts on the e-store to purchase Merchants’ items;

b. help Merchants run the e-store, complete a transaction, screen and fulfil orders and provide e-commerce services to their Customers;

c. help Merchants have intelligent search, intelligent recommendation and multi-dimensional analysis functions in order that they could keep abreast of e-store dynamics;

d. help Merchants improve the Customers’ experiences when shopping on their e-stores.

3. How Huawei Cloud Uses Cookie

Cookies are small data files that that placed on your computer or mobile device when you visit Merchant’s e-store. Cookies serve different purposes, like helping Merchants understand how their e-stores are being used, letting their Customers navigate between pages efficiently, helping their Customers process the items in the Customers’ shopping cart, helping Merchants remember the Customers’ preferences and generally improving users’ browsing experiences.

A Customer can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies via your browser settings. If you turn your cookies off, the Merchants may not be able to provide the e-store services or certain features of the services to you. However, you can still contact Merchants for more help through Merchant’s Customers Services.

We do not share cookie data with any third parties, and third parties may not have access to those cookies.

4. How Huawei Cloud Shares Your Personal Data

Sharing means providing third parties with personal data, where such third parties would handle the personal data independently of us.

4.1 Merchant’s Personal Data

We do not share the Merchant’s personal data with third parties without the Merchant’s consent, except in the following circumstances or as described in this Statement:

a. Third parties under your instruction. We may share your personal data with your express consent and/or in accordance with your instructions.

b. For compliance, fraud prevention and safety. We may share your personal data for compliance, fraud prevention and safety purposes.

c. Affiliates. We may share your personal data with our affiliates, for purposes of transactions support, Services support or security support.

4.2 Customer’s Personal Data

We use the following partners to help us provide Services to our Merchants and we do not share personal data with any other third parties unless the Merchant instructs us to share your personal data or we are required to do so in response to requests by public authorities, including to meet national security or law enforcement requirements. If you have any query on how a Merchant shares your personal data, please contact your Merchant or visit its relevant privacy policy.

a. Affiliated company. We share your personal data with our affiliate company (Huawei International Pte. Ltd. registered in Singapore) which stores and processes your personal data in order to provide Services to our Merchants.

b. Third-party service providers. We use various third party companies as service providers which process data and perform other functions on our behalf and provide Services to Merchants (such as email services, logistics inquiry, payment services): ⑴ Email services. Your email address, billing information and order information may be transferred to [Alibaba Cloud Computing Co. Ltd.] registered in [China] so that it could provide email services to Merchants. ⑵ Logistics inquiry. Your courier tracking number and courier information may be transferred to [Demon Network Tech Co., Ltd.] registered in [China] so that it could offer logistics inquiry services to Merchants. ⑶ Payment services. Your payment order number, order information (e.g. purchased items, purchase price) may be transferred to [Shenzhen Ocean Payment Network Technology Co., Ltd.] registered in [China] so that it could offer payment services to Merchants.

5. How Huawei Cloud Protects Your Personal Data

We take the security of your personal data seriously. We take appropriate physical, organizational, and technical measures to protect your personal data. For example, we use encryption to ensure data confidentiality; we use trusted protection mechanisms to prevent malicious data attacks; we deploy access control mechanisms to ensure that only authorized personnel can access your personal data; and we raise awareness among employees about the importance of protecting personal data through security and privacy protection training sessions. While we take the utmost care to protect your personal data, please note that no security measures are completely infallible. You can find more details on our security certification at Huawei Cloud Compliance Center. To this end, we take the following measures:

1) We take reasonable and feasible measures to ensure that the personal data collected is minimal and relevant to what is necessary in relation to the purposes for which they are processed.

2) We use a range of technologies such as cryptographic technologies to ensure the confidentiality of data in transmission. We implement trusted protection mechanisms to protect data and data storage servers from attacks.

3) We deploy access control mechanisms to ensure that only authorized personnel can access your personal data. In addition, we control the number of authorized personnel and implement hierarchical permission management on them based on service requirements and personnel levels.

4) We strictly select business partners and service providers and incorporate personal data protection requirements into commercial contracts, audits, and appraisal activities.

5) We hold security and privacy protection training courses, tests, and publicity activities to raise employees' personal data protection awareness.

6) Although we protect your personal data, you are responsible for safekeeping your login data including account ID, username and passwords.

In a word, Huawei Cloud is committed to protecting your personal data. Nevertheless, no security measure is perfect and no product, service, website, data transfer, computing system, or network connection is absolutely secure.

To cope with possible risks, such as personal data leakage, damage, and loss, Huawei Cloud has developed several mechanisms and control measures, clearly defined the rating standards of security incidents and vulnerabilities and corresponding processing procedures. Huawei Cloud has established a dedicated emergency response team to implement security planning, loss reduction, analysis, locating, and remediation, and to perform tracking operations with related departments based on security incident handling regulations and requirements.

6. How Long Huawei Cloud Retains Your Personal Data

6.1 Merchant’s Personal Data

We will retain the Merchant’s personal data for no longer than is necessary for the purposes set out in this Statement, unless otherwise required by laws or requested by such Merchant. The data storage period may vary depending on the processing purpose and the relevant Service.

We will maintain the Merchant’s Huawei Cloud account information as long as is necessary for us to provide the Services to you or to perform our obligations or exercise our rights under agreements related to the Services. You can choose to close your account. After you close your account, we will stop providing you with the Services and delete your relevant personal data, provided that we are not required to continue to process certain of your personal data by law, e.g. for accounting or bookkeeping purposes or to perform our obligations, or exercise our rights under agreements related to the Services.

6.2 Customer’s Personal Data

The Merchant from whom you place an order on the e-commerce store controls your personal data and determines how long your information is retained. We only process your personal data according to the instructions of the Merchant. If you have any question on the retention period of your personal data, please contact the Merchant directly.

7. How to Access and Control Your Personal Data

7.1 Merchant’s Personal Data

It is your responsibility to ensure that all personal data submitted to us is correct. We are dedicated to maintaining the accuracy and completeness of your personal data and keeping your personal data up-to-date based on the information you provide to us.

According to applicable laws and regulations of some countries and/or regions, data subjects may have rights to make requests (hereinafter referred to as “requests”) of accessing, correcting, deleting or erasing the personal data retained by us.

You can easily amend and control the personal data we hold about you as follows:

a. E-store administrator account information: If you want to add or update personal data related to your account, please go to the store log into your account via Log in>My Account. For modification of information provided you can access by the menu “My Account”.

b. Huawei Cloud account information: If you want to update personal data related to your account, please visit the Huawei Cloud website and log in to your account: Login > Account Center.

Please note that these rights are not absolute and may be restricted in accordance with applicable laws. If you need our assistance to exercise the rights above, please contact us as set out in “11. How to Contact Huawei Cloud” below.

You can delete your account in the account-related Services. After you delete your account, we will stop providing Services, and delete your personal data unless otherwise stipulated by law. Your account cannot be restored after deletion. You need to register a new account if you want to use related Services again.

7.2 Customer’s personal data

We can't help you access, correct, erase, or port your information without being directed to by the Merchant. If you want to make a request on your personal data, please contact the specific Merchant directly.

8. How Huawei Cloud Handles Personal Data of Children

Our Services are only intended for adults. Minors are not allowed to create their own user account.

9. How Your Personal Data Is Transferred Internationally

In order to provide the Services to the Merchant and respond to the request from the Merchant, we may store your personal data in countries/regions where Huawei Cloud, Huawei Cloud’s affiliate companies, or Huawei Cloud’s service providers or subcontractors are located. This means your personal data may be transferred to countries or regions outside the places where you are located or where we collect your personal data, and be accessed and stored in those jurisdictions.

These jurisdictions may have different data protection laws, which may impose less stringent data protection requirements. In such cases, we will ensure the transfer is in accordance with applicable laws and regulations (including by ensuring that overseas recipients are subject to confidentiality and data protection obligations where appropriate), as well as this Statement.

10. How This Statement Is Updated

We may update or modify this Statement from time to time according to changes in our Services or data processing. If we update this Statement, we will publish the latest version of the Statement on the Website, and it will take effect immediately upon its release. You are advised to review this Statement periodically for any changes.

11. How a Merchant Contacts Huawei Cloud

We have set up a dedicated personal data protection department (or data protection officer). If a Merchant has any questions, comments, or suggestions, please contact us or submitting them to our global offices. If you want to exercise your privacy rights, or wish to raise or consult us on any privacy issues please visit our Data Subject Right Portal. You can also contact us by email [dpo.sg@huawei.com]. You can also raise a concern or lodge a complaint with a data protection authority or other official with jurisdiction.

Last Updated: July 30th, 2022