Privacy Policy
Last Updated : May 2023
About this Privacy Policy
SHIELD AI Technologies Pte Ltd ("SHIELD", "we", "us", "our Company") provides Merchants ("Merchants") with a system ("System", "SHIELD System") that prevents fraudulent activities in digital ecosystems, including mobile apps and e-commerce platforms ("Merchant’s Platforms"). Merchants integrate the SHIELD system so when users ("User", "you") conduct activities in Merchant's Platforms, the SHIELD System can detect fraudulent activities performed at the Merchant’s Platforms in the form of registration of fake accounts, promo and referral code abuse, fraudulent online transactions, unauthorised login, hostile account access and other fraudulent activities ("Services", "SHIELD Services").

This Privacy Policy describes how SHIELD collects, uses and stores information that is required to fulfil the purpose of preventing fraudulent activities in digital ecosystems. You are requested to read this Policy to learn how we collect, use and store that information when you:
  • Perform activities in Merchant’s Platforms ("SHIELD System Privacy Policy")
  • Interact with our website ("SHIELD Website Privacy Policy")
  • Apply for a job position at SHIELD AI Technologies Pte Ltd (Singapore) or any of its subsidiaries worldwide ("SHIELD Human Resources Privacy Policy").
Definitions
  • "Contract" means the performance by User of the activities offered by Merchants within Merchant’s Platforms
  • "EEA" means the European Economic Area.
  • "European Data Protection Legislation" means the GDPR and other data protection laws of the EU, its Member States, Switzerland, Iceland, Liechtenstein, Norway and the United Kingdom, in each case, applicable to the processing of Personal Data under the Agreement.
  • "GDPR" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
  • "Merchants" refers to companies that own and operate any e-commerce platform and/or mobile app that makes use of SHIELD Services and proprietary technology to detect fraudulent activities in their digital ecosystems and to make online services at their platforms smoother and safer.
  • "Merchant Platforms" refers to any digital ecosystems, including e-commerce platform and/or mobile app that make use of SHIELD Services and proprietary technology to detect fraudulent activities.
  • "Online Activity" refers to any online transaction and other online activities such as but not limited to account creation and registration, account log in, account activity, payment, transfer of funds, funds withdrawal and similar as offered in the Merchant’s Platforms.
  • "Personal Data" refers to non-sensitive data from User’s device and connection attributes, User’s passive behaviour in Merchant’s Platforms, shopping cart and payment information sent by Merchant to SHIELD with User’s consent to fulfil the purpose of fraud prevention in the performance of the contract between User and Merchant.
  • "SHIELD Services" means the real-time screening and the automated generation of a risk score on the potential fraud in activities happening in digital ecosystems of Merchants within the SHIELD system, performed through SHIELD’s proprietary technology.
  • "SHIELD System" means the proprietary technology fully developed and owned by SHIELD AI Technologies Pte Ltd that provides with the SHIELD Services to fulfil the purpose of detecting fraudulent activities in digital ecosystems of Merchants.
  • "Subprocessors" means third parties authorised by SHIELD and by Merchant to fulfil the purpose of fraud prevention in the performance of the contract between User and Merchant.
  • "User" means any individual who lands on Merchant’s e-commerce platforms or mobile apps to conduct a contract with Merchant under the form of online transaction or any other online activity on Merchant’s digital ecosystem.
Unless otherwise stated, the terms “data subject”, “processing”, “controller”, “processor” and “supervisory authority” as used in this Policy have the meanings given in the GDPR. If you wish to know more about the EU General Data Protection Regulation, please consult EU GDPR.ORG
SHIELD Services Privacy Policy
Please note that the Privacy Policy described below only applies to the collection, use and storage of your data for the performance of SHIELD Services. Kindly refer to the Privacy Policy provided by the Merchant to understand how the Merchants collect, use and store your information for purposes other than fraud prevention as outlined in this Policy.
What Data Do We Collect?
The data outlined below is not aimed at personally identifying a User, but at detecting and grouping devices that may be fraudulent.

Passive Biometric Data. We collect information about User’s passive behaviour in Merchant’s Platforms, for example how cursor moves, the number of words per minute typed on the e-commerce platform/mobile app, the number of mouse clicks, the number and pressure of finger swipes.

Device Information. This includes browser information, operating systems, and connection attributes of User’s device to connect to Merchant’s e-commerce platform or mobile app. Other than the permissions granted by User to the Merchant, SHIELD does not request additional permissions from the User to perform the purpose of detecting fraud in Merchant’s Platforms.

Shopping Cart Information. Upon Merchant’s request, we may collect information submitted on Merchant’s Platforms, such as the amount, description and price of items bought, and shipping information, which may include name, shipping address and e-mail address.

User Information. Upon Merchant’s request, we may collect information of User’s past activity at the Merchant’s Platform such as the number of times User interacts with Merchant’s Platform and basic information about User’s Customer Account at Merchant’s Platform, should there be one.

Payment Information. We may collect basic payment information submitted on Merchant’s Platforms to perform a payment online, such as the type of payment method chosen on Merchant’s Platform, and basic billing information. SHIELD does not collect full credit card numbers.

Geolocation Information. Provided User has given Merchant permission on the Merchant’s Platform, we collect User geo-location based on User’s IP address.

Aggregated Data. We may verify the data outline above using third-party online resources such as search engines, social networks and mapping services, which are all available to the general public.

Cookies. The Merchant website assigns a small piece of information to User’s browser whenever User interacts with the Merchant’s Platform. This small piece of information is called a “cookie”. When a User browses the Merchant’s Platform, Merchant may send us the “session cookie” to help us enhance the accuracy of fraud detection. This “session cookie” will be deleted once the User closes its browsing session.

If User is a data subject in the EEA, cookies can be disabled from the small pop-out window that appears on the screen when browsing the Merchant’s Platform. If User is an individual outside the EEA, cookies’ policies can be modified through the device and browser settings.

Special Categories of Personal Data. SHIELD does not collect information that may be classified as Special Category under Article 9 of GDPR.
How Do We Collect the Data?
The data outlined above is collected in the following cases:
  • When User interacts with Merchant’s Platforms, granting consent for this information to be collected as per Merchant’s own Privacy Policy to perform the contract between User and Merchant.
  • When User performs Online Activities at Merchant’s Platforms, granting consent for this information to be collected as per Merchant’s own Privacy Policy and Terms and Conditions.
  • When information was made available by user on publicly available platforms, such as search engines, granting consent for this information to be available as per the platform’s own Privacy Policy.
Storing Data as a Processor & Subprocessor
SHIELD may at its sole discretion and with the approval of Merchants choose a subprocessor to store the data collected. SHIELD ensures that subprocessors treats data and ensures its security and integrity with the same standards as SHIELD, and that subprocessor complies with all data protection policies, including EU GDPR.

SHIELD has assigned the following companies as subprocessors, for the sole purpose of data storage:
Automated Individual Decision-Making
SHIELD generates an automated risk score on the potential fraud in Online Activities. It is the Merchants’ (the Data Controller) own discretion to follow SHIELD’s automated risk score and make an automated decision, in accordance with Article 22 of the GDPR.
Data Sharing, Data Retention and Transfer of Data to Third Countries
Sharing Data
Unless required by Supervisory Authorities or to comply with proceedings by legal authorities, SHIELD does not share, rent or sell your information to any third-parties, including the anonymised information on fraudulent patterns that we may collect from performing the Services.

Retaining Data
SHIELD retains data collected for as long as needed to provide the outlined purpose in this Privacy in fully compliance with applicable regulations. Should the current legislation grant User the right to delete User’s data and should User exercise it, User should send questions regarding User Data rights to [email protected]. In such case, we may request User to provide us with additional personal data for the purpose of verifying User’s identity. The deletion of User’s data in SHIELD System may interfere with SHIELD’s ability of detecting fraud in User’s subsequent online activities at Merchant’s Platforms.

Transfer of Data to Third Countries
SHIELD may transfer and process User information outside of User’s country of residence, including any of the Member States of the European Union, the United States and Singapore. We always ensure that adequate level of data protection is granted in all cases, by implementing legally approved mechanisms to allow for such data transfer. Some of these mechanisms include the EU Special Contractual Clauses under EU GDPR, those observed under EU-U.S. Privacy Shield and those observed under Singapore’s Personal Data Protection Act (PDPA) 2012, among others.
Data Security Safeguards
SHIELD goes to great lengths to maintain the adequate levels of data protection during collection, transfer and storage. Our security safeguards include but are not limited to audit and risk assessments, periodic reviews, access controls to both physical and cloud data centres, network security controls, and vulnerability and penetration tests.If a User believes that the privacy of data with SHIELD may have been tampered or subject to unauthorised access, we request Users to contact us immediately at [email protected].
Data Rights: GDPR and Data Subjects in the EU
Individuals living in the European Union ("Data Subjects") should be aware of the following aspects compiled under the EU GDPR:
SHIELD acts as a data processor and has lawful purpose to collect the data described above, in order to provide the fraud prevention Services. Merchant acts a data controller. SHIELD assumes that User grants consent to Merchants to collect and process the User’s data as described above so User can perform the contract between the User and the Merchant. The contract is the Online Activities performed by User in Merchant’s Platform.

It is the Merchants’ own discretion to follow SHIELD’s automated risk score on the potential fraud in the Online Activities. Users can address to Merchants any questions about the automated decisions of Users’ Online Activities on Merchant’s Platform. 

Data Subjects are granted the right to access, modify and delete their data. Should Users choose to exercise any of these rights, particularly the right to deletion (“right to be forgotten”), SHIELD may retain certain information required by law or by compliance with the online payments industry, even if the rest of the information is deleted. Should the current legislation grant User the right to delete User’s data and should User exercise it, User should send questions regarding User Data rights to [email protected].  In such case, we may request User to provide us with additional personal data for the purpose of verifying User’s identity. The deletion of User’s data in SHIELD System may interfere with SHIELD’s ability of detecting fraud in User’s subsequent online activities at Merchant’s Platforms.

Additionally, Users in the EU are informed of their right to file an official complaint at the corresponding Supervisory Authority, duly appointed by their Member State.
Data Rights: Individuals Outside the EU
Users outside the EU are encouraged to review the best practices recommended by the Data Protection Authorities in the countries of residence. If a User believes that the privacy of the data with SHIELD may have been tampered or subject to unauthorised access, User should contact us immediately at [email protected]. In such case, we may request Users to provide us with additional personal data for the purpose of verifying User’s identity.
Supervisory Authority
SHIELD AI Technologies Pte Ltd – Supervisory Authority in Singapore
Personal Data Protection Commission

SHIELD AI Technologies Pte Ltd – Supervisory Authority in Germany
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Contact SHIELD
For users in the EEA: SHIELD AI Technologies Pte. Ltd., Schönhauser Allee 163, 10435 Berlin, Germany
For users outside the EEA: SHIELD AI Technologies Pte Ltd, 1 Fifth Ave, #04-06 Guthrie House, Singapore 268802
SHIELD Website Privacy Policy
We take your privacy seriously and want to ensure the highest standards for data security. Please note that the Privacy Policy described below only applies to the collection and use of your data at www.shield.com, a domain fully owned by SHIELD AI Technologies Pte Ltd Singapore.

We collect non-personal information that does not identify you as an individual user because it helps us deliver a superior level of customer service, improve the content at our website, give users convenient access to our products and services and focus on categories of greatest interest to you. Non-personal specific information may be used to market directly to that profile subject to requirements of applicable law. This non-personal specific information may be shared with third parties. Unless required by Supervisory Authorities or to comply with proceedings by legal authorities, SHIELD does not share, rent or sell your information to any third-parties.

Non-personal information collected may be stored in our database and will be used in accordance with applicable regulation.
What Data Do We Collect?
Browsing and Navigation Data. We collect information about your behaviour in our website that may include but it is not limited to number of pages visited, time spent on each page, landing page and source page, IP Address and country of connection, language and browser information.

Personal Information. Should you make use of either the Contact Us form or Enquiry Email available at our website, we may collect information such as Name, Company, E-Mail Address, Website and Telephone Number.
How Do We Collect the Data?
The data outlined above is collected when User interacts with our website. We assume you have read and agreed this Privacy Policy when navigating our website.

Cookies. The website sends a small piece of information called a cookie while you are browsing which will be stored on your hard drive and that contains information about your browsing behaviour. SHIELD uses cookies to enhance your user experience, improve our service and monitor the use of our site.

If you are a data subject in the EEA, you will be able to disable the cookies from the small pop- out window that appears on your screen every time you browse our Website. If you are an individual outside the EEA, you can make use of your browser and device settings to modify the cookies’ policies.
Data Storage, Sharing, Retention and Transfer to Third Countries
Data collected from visitors to our website (“Users”) is neither shared not transferred to any third countries.

Subscription to our E-newsletter
Should you receive our E-newsletter without having subscribed to it, you are kindly asked to make use of the Opt Out/Unsubscribe option at the bottom of the bulletin to delete your information, including your e-mail address from our recipient’s list.
Data Security Safeguards
SHIELD goes to great lengths to maintain the adequate levels of data protection during collection, transfer and storage. Our security safeguards include but are not limited to audit and risk assessments, periodic reviews, access controls to both physical and cloud data centres, network security controls, and vulnerability and penetration tests.

If you believe that the privacy of your data with SHIELD may have been tampered or subject to unauthorised access, please contact us immediately at [email protected]. In such case, we may request you to provide us with additional personal data for the purpose of verifying your identity.
Changes and Updates to Our Website Privacy Policy
We reserve the right to change and update this Website Privacy Policy, therefore you are kindly asked to check it on a regular basis. The use of the SHIELD Website after a change or an update has been made means that you agree with such change or update.

Consent and Ensuring Data Subject Rights
By browsing our Website or by making use of our e-mail addresses and inquiry form, you agree to this Website Privacy Policy. Should you wish to exercise the Data Subject rights granted to you (access, modify, delete) the information, you may contact us to [email protected]. In such case, we may request you to provide us with additional personal data for the purpose of verifying your identity.
Contact SHIELD
For users in the EEA: SHIELD AI Technologies Pte. Ltd., Schönhauser Allee 163, 10435 Berlin, Germany
For users outside the EEA: SHIELD AI Technologies Pte Ltd, 1 Fifth Ave, #04-06 Guthrie House, Singapore 268802
SHIELD Human Resources Privacy Policy
Please note that the Privacy Policy described below only applies to the collection and use of your data when you (“Candidate”) apply for an open position (“Job”) at SHIELD AI Technologies Pte Ltd or any of its subsidiaries.

We collect your information because we want to assess your suitability as a candidate for the job opening.
What Data Do We Collect?
For Candidates to Job Positions at SHIELD offices outside Singapore. We may request you to send us your complete CV, including academic background, employment history, link to professional online network online such as LinkedIn, Xing or equivalent in the market where the job position is open, and basic contact information, including your Name, E-Mail and Telephone Number.

For Candidates to Job Positions at SHIELD office in Singapore. We may request you to send us your complete CV, including academic background and records, employment history, references, link your professional online network online such as LinkedIn, NRIC/passport number, Visa information and Visa eligibility (for non-Singaporean citizens or non-Permanent Residents), and basic contact information, including your Name, E-Mail, Address and Telephone Number.

Candidates Referred to Job Positions by Recruiting Agencies and Job or Professional Online Platforms. SHIELD shall not be liable for the security in the collection, process and storage of the data collected by any appointed Recruiting Agency and Job or Professional Online Platforms. Candidates are encouraged to review and agree to the Data Privacy Policy of the Recruiting Agency and Job or Professional Online Platforms before submitting applications.
How Do We Collect the Data?
The data outlined above is collected when Candidate sends his/her job application to SHIELD’s dedicated e-mail address. We assume you have read and agreed this Privacy Policy when submitting your job application.
Data Storage, Sharing, Retention and Transfer to Third Countries
Data collected from job applicants (“Candidates”) is neither shared not transferred to any third countries. SHIELD does not share, rent or sell your data to any third party, neither does it use your personal information for purposes other than the one outline above.
Data Security Safeguards
SHIELD goes to great lengths to maintain the adequate levels of data protection during collection, transfer and storage. Our security safeguards include but are not limited to audit and risk assessments, periodic reviews, access controls to both physical and cloud data centres, network security controls, and vulnerability and penetration tests.

If you believe that the privacy of your data with SHIELD may have been tampered or subject to unauthorised access, please contact us immediately at [email protected]. In such case, we may request you to provide us with additional personal data for the purpose of verifying your identity.
Changes and Updates to Our Website Privacy Policy
We reserve the right to change and update this SHIELD Human Resources Privacy Policy, therefore you are kindly asked to check it on a regular basis. Applying for a position at SHIELD after a change or an update has been made means that you agree with such change or update.

Consent and Ensuring Data Subject Rights
By applying to positions at SHIELD, you agree to this SHIELD Human Resources Privacy Policy. Should you wish to exercise the Data Subject rights granted to you (access, modify, delete) the information, you may contact us to [email protected]. In such case, we may request you to provide us with additional personal data for the purpose of verifying your identity.
Contact SHIELD
For users in the EEA: SHIELD AI Technologies Pte. Ltd., Schönhauser Allee 163, 10435 Berlin, Germany
For users outside the EEA: SHIELD AI Technologies Pte Ltd, 1 Fifth Ave, #04-06 Guthrie House, Singapore 268802