Global-e Privacy Policy

Last updated: July 15, 2021

This Privacy Policy (“Policy”) governs how we, Global-e or any of our affiliated companies (Global-e U.K. Ltd., Global-e US

Inc, Global-e NL B.V., Global-e France SAS, Global-e Spain S.L., Global-e Canada E-commerce Ltd., Globale Hong Kong

Limited, Global-e CH AG, Global-e Australia Pty Ltd., Global-e Japan KK, Global-e (Beijing) Technology Co., Ltd., Global-e

Online Pte. Ltd., Olami E-commerce Solutions Ireland Limited, in each case) (together with our respective affiliates and

subsidiaries, “Global-e”, “we”, “our” or “us ”), collect, receive, use, store and disclose Information (defined below) about

individuals in connection with the use of our online order processing and fulfilment services for the sale of products to

you (“Service”)͘

We make great efforts ascertaining that we secure your Information and use it properly.

This policy explains our privacy practices for processing Information regarding our Services. We will collect, use or disclose

your Information only in accordance with the terms of this policy.

For Canadian residents: Please note that the Information we collect from you may be transferred to Israel, the United

Kingdom (UK), the European Union and the United States. By agreeing to this Policy, you consent to your Information

being transferred and collected, used, and disclosed in accordance with this Policy.

For Brazilian residents: Please note that the Information we collect from you may be transferred to Israel, the UK, the

European Union and the United States. By agreeing to this Policy, you agree to your Information being transferred and

collected, used, and disclosed in accordance with this Policy.

For residents of the China Mainland: Please note that the Information we collect from you may be transferred to Israel,

the UK, the European Union and the United States. By agreeing to this Policy, you consent to your Information and

sensitive personal Information being transferred and collected, used, and disclosed in accordance with this Policy.

For Australian residents: Please note that the Information we collect from you may be transferred to Israel, the UK,

European Union and the United States. By agreeing to this Policy, you consent to your Information being transferred and

collected, used, and disclosed in accordance with this Policy. By consenting to overseas disclosure, you acknowledge that

we do not guarantee that the overseas recipient will comply with the Australian Privacy Principles and they may not be

subject to privacy obligations similar to those in your jurisdiction. We will not be liable to you for breaches of the

Australian Privacy Principles committed by the overseas recipient.

For users in Singapore: Please note that the Information we collect from you may be transferred to Israel, the UK, the

European Union and the United States. By agreeing to this Policy, you consent to your Information and sensitive personal

Information being transferred and collected, used, and disclosed in accordance with this Policy.

The below summary of this Policy will give you an overview of our practices. Please also take the time to read our full

Policy for further detail in each area.

If you do not wish us to collect your Information, please do not submit it to us. However, please bear in mind that we

will not be able to process your order without receiving your details.

Global-e may change and update the terms of this Policy from time to time. If we decide to change our Privacy Policy

materially, we will post the revised Policy here with an updated effective date and we will inform you of such changes by

any appropriate means.

Global-e Privacy Policy V20 July 2021

Summary of Global-e Privacy Policy

The Information You Provide Us and We Collect

If you use the Service, we will need your Information (such as your name, email address and physical address) to process

the transaction and deliver the purchased products. We will need your payment details to process your payment. We will

also receive any Information that you provide us when you contact our customer support.

We automatically log ‘traffic/session’ information including IP addresses and your user agent. We also collect session

durations and additional activity information.

Cookies - We use cookies to make it easier for you to log-in and to facilitate Service activities. We use standard analytics

tools. The privacy practices of these tools are subject to their own privacy policies and cookies.

What Do We Do with Your Information? - We use your Information for performing the contract with you and for our

related legitimate interests. We maintain the Service, make it better, and continue developing it, and protect us and the

Service from misuse and law violations.

Sharing Information with Others - We will share Information that we collect with the specific Retailer who owns or

operates the website from which you made your purchase. We will provide the Retailer with your Information for

Retailer’s marketing purposes, if you provided your specific consent.

If you do not agree with the disclosure of your Information to a third-party retailer, you will not be able to use the Service.

By agreeing to this Policy, you agree to the disclosure of your Information to third-party retailers. You will also need to

read and understand the privacy policies of those retailers.

We will share your Information with service providers and other third parties, including those who provide us standard

analytics tools, if necessary, to fulfil the purposes for collecting the Information, provided that any such third party will

commit to protect your privacy as required under applicable law and this Policy.

Sharing Information in case of a Structural Change - a merger, acquisition or any other structural change will require us

to transfer your Information to other entities, provided that the receiving entities will comply with similarly protective

policy in accordance with applicable law.

Anonymous, Aggregated and Analytical Information - We may take steps to de-identify and make anonymous some of

your Information so that it no longer can be used to directly or indirectly identify you (we will do this in a way that will

also prevent this data from ever being re-identified). We may use Anonymous Data in a number of ways to improve our

Services or share it with third parties. In those case, we will do so without notice to you.

Your Choice - You may terminate your use of the Service. Our Service does not respond to Do Not Track (DNT) signals.

Specific Provisions for California Residents and Consumers Privacy Rights - If you are a California resident, further terms

apply to our processing in relation to your rights as a consumer under the CCPA.

Specific Provisions for Brazilian Residents - if you are a Brazilian resident, further terms apply to our processing in relation

to your rights as a data subject under the Brazilian Data Protection Law - (“LGPD”)͘

Other Sites and Services - The Service contains links to third party websites and services that are subject to their own

privacy policies. Please read these policies and make sure you understand them.

Children’s Privacy - We do not intend to collect Information from anyone we know to be under the legal minimum age

in each jurisdiction where the Service is available (“Minimum Age”)͘ If you believe that we have collected such

information, please contact us.

Security and Data Retention - We implement systems, applications and procedures to secure your Information, to

minimize the risks of theft, damage, loss of Information, or unauthorized access or use of Information. We retain data as

needed, to provide the Service and for legitimate and lawful purposes.

Global-e Privacy Policy V20 July 2021

Accessing and Correcting Your Information - At any time you can request access to your Information by contacting us.

You may also request that your information be corrected should it be inaccurate.

Your EU and UK Data Subject Rights - If we process your Information when you are in the EU or where UK data protection

laws apply, further terms apply to our processing in relation to your rights as a data subject under EU and UK data

protection laws.

Transfer of Data Outside your Territory - If we transfer your Information outside your territory, it will be in accordance

with applicable law and this Policy.

Dispute Resolution - Contact us at: [email protected] or write us for specific requests or complaints. We will

make good-faith efforts to resolve any existing or potential dispute with you.

Additional Information for Users of Other Jurisdictions - If you are a user in certain other jurisdictions, we have some

clarifications and further information for you in relation to the applicable local law.

Changes to this Privacy Policy - We will update this Policy from time to time and post any material changes we make. If

you continue to use the Service after these changes are posted, you agree to the revised Policy

according to Art. 27 GDPR is Rickert Rechtsanwaltsgesellschaft mbH, Colmantstraße 15, 53225 Bonn, art-27-rep-global-

[email protected].

How We Collect Your Information

We receive and collect Information from you in the following ways:

1.1

Purchases. The Service enables you to purchase online merchandise from retailers in certain jurisdictions that do

not normally provide order processing and fulfilment services (“Retailers”)͘

If you choose to make a purchase, payment or place an order via the Service we will require sufficient

information, including Information, from or about you in order to process and complete the transaction, as well

as to provide subsequent notification and support services.

This information will be provided by you to us directly or in certain cases (where you are pre-registered with the

Retailer) specific information will be provided by the Retailer to pre-populate transaction forms for ease of

completion by you.

1.2

Transaction. We collect information about the item(s) purchased and about you - the purchaser, in particular:

first name, last name, email, phone number and postal address and payment information including the payment

method and payment details (with expiration dates) and any payment voucher details that you provide us.

1.3

Delivery. We collect information about the preferred shipping and delivery details relevant to the specific

transaction and contact details to send notification of the placement shipping and fulfilment of the order.

1.4

Enquiries. When you contact us, or when we contact you, we will receive and process any Information that you

provide us.

1.5

Log Files. We use log files that we collect automatically from your computer or device when you interact with

the Service. The information contained in log files includes internet protocol (IP) (the unique address that

identifies your computer or device on the internet), type of browser, Internet Service Provider (ISP), date/time

stamp, referring/exit pages, clicked pages and any other information your browser sends to us.

“Information” means any information relating to an identified or identifiable individual including a first and last

name an email address, a home or other physical address, or other contact information. It also includes indirect

identifiers such as credit card information or online identifiers. Subject to applicable law, Information we process

may include types of information which your jurisdiction may regard as sensitive, such as forms of financial or

Global-e Privacy Policy V20 July 2021

payment information. We will follow applicable law in the processing of such Information for the purposes

mentioned under this Policy.

We use cookies and similar tracking technologies to make sure that our Service is continuously improved and

meets your needs.

Please view our Cookies Policy for more information on our use of cookies.

What Do We Do with the Information?

Your Information will be used in the following ways:

3.1

Performance of our contract with you. We will use your Information to provide you with the Service under the

Service Terms and Conditions, engage with customer service inquiries and administer and provide customer

support.

3.2

In order to be responsive to you and to maintain our business relationship, as a matter of legitimate business

interests (where applicable). We will use your Information to improve our Service, to prevent or detect fraud or

abuse, to personalize your user experience and to ensure our content and Services is presented in the most

effective manner for you and your device, to administer the Services and for internal operations, in order to

conduct troubleshooting, data analysis, testing, research, statistical and survey analysis, to contact you in

connection with the Service and any transactions that you have initiated or completed or in relation to security,

privacy or administrative related communications (these are not marketing orientated communications so we

do not rely on consent for these), to identify and authenticate your access to the parts of the Service that you

are authorized to access and maintain the safety and security of you and our customers, Services and businesses.

In addition, we may use the Information set out in Section 1 to comply with any applicable legal obligations, to

enforce any applicable terms of service and to protect or defend the Services, our rights, the rights of our

users/customers or others.

Where your Information is needed to fulfil the Service under the Service Terms and Conditions, a failure to

provide that information will prevent us from completing the transaction and we will refer you back to the

specific Retailer.

Sharing Your Information with Others.

4.1

Transferring Information to Retailers. In connection with using our Service to make purchases we will share the

Information that we collect from you (but except for payment data such as credit card number details) with the

specific Retailer who owns or operates the website from which you made your purchase.

Such Retailer will then be entitled to use your Information as if that Retailer has collected this information

directly, subject to the Retailer’s own privacy policy͘

For instance, the Retailer needs to know that you have made a purchase in order to process delivery of your

purchase, to handle any requests by you to return or replace a product and it needs to know if you are already a

subscriber or member of its services so that you can take advantage of any loyalty scheme that it administers.

If you do not agree with the disclosure of your Information to a third-party retailer, you will not be able to use

the Service.

4.2

Marketing. We do not use your Information for marketing purposes. Your information may be used for direct

marketing by the Retailer who owns or operates the website from which you made your purchase. You will be

offered the ability to provide your specific consent via our Service to receive such direct marketing materials

directly from the Retailer by either email, telephone, text message or post, relating to consumer goods and

services generally available via our Service, and from which you may have previously purchased through us or

which may be of interest to you. We will provide the Retailers with your name, email address, phone number

Global-e Privacy Policy V20 July 2021

and indication of consent (or the lack of) if you so agree and no additional information will be shared in that

regard. You may indicate your consent on the Checkout page here.

In order to understand how the Retailer uses your Information you should read, understand and agree to its

privacy notice and policies; we neither control nor are responsible for the policies of these retailers.

We do not ask, or receive, any valuable consideration in exchange of the share of your Information.

4.3

Using Affiliates to Store/Process Data. We will share your Information with our subsidiaries (including, but not

limited to, Global-e Australia Pty. Ltd. if purchases are made from Australia) or affiliated companies for storing

or processing such information on our behalf in connection with our provision of the Services. Such information

will be transferred to other jurisdictions around the world where our or their servers and systems are located, as

described in the Data Transfer section below. Where you use our Services from Europe to make purchases, your

data is stored on servers within the European Economic Area (“EEA”). We require that these parties agree to

process such information in compliance with Global-e policies and procedures.

Our website and Services are operated via servers situated in the EU. If we transfer Information outside the EEA,

UK or Brazil we will comply with applicable laws relating to data transfers outside the EEA, UK and Brazil as

described in the Data Transfer section below. It is important to note, however, that our website and Services are

operated via servers situated in the EU.

Global-e accepts full responsibility for the protection of your Information, according to the applicable privacy

legislation and this Policy during these onward transfers to third parties.

4.4

Using Third Party Service Providers. We will share (in so far as such sharing is necessary) your Information with

our third-party service providers (such as hosting providers, payment processors, anti-fraud service providers,

licensed customs brokers, data and website analytics services and order fulfilment providers) whose tools,

software, and services we use to process and complete your transaction(s).

We use commercially reasonable efforts to ensure that such third-party service providers will only process your

Information as part of providing the Service. Such third-party service providers are located in jurisdictions outside

of the jurisdiction in which you are located and if there is a transfer of Information outside of your jurisdiction,

we will comply with the applicable laws relating to data transfers and as further described in the Data Transfer

sections below.

We do not sell your information.

4.5

Necessary Disclosure. We will disclose your Information or any information you submitted via the Services if we

have a good faith belief that disclosure of such information is helpful or reasonably necessary to:

comply with any applicable law, regulation, legal process or governmental request;

enforce the Terms and Conditions, including investigations of potential violations thereof;

detect, prevent, or otherwise address fraud or security issues; or,

protect against harm to the rights, property or safety of Global-e, its users, yourself or the public.

Sharing Information in case of a Structural Change.

We will disclose or transfer your Information if we are acquired by or merged with a third- party entity, or if we

are bankrupted or liquidated. If we will use your Information or disclose for any purposes not covered in this

Policy in this regard, then we will make efforts to ensure that you receive prior notification of the new purpose

and where relevant, your consent obtained for those new purposes.

Global-e Privacy Policy V20 July 2021

Anonymous, Aggregated and Analytical Information.

We may take steps to de-identify and make anonymous your Information. In doing so we take steps to ensure

that this data cannot be re-identified. We may use Anonymous Data in a number of ways to improve our Services

or share it with third parties. In those case, we will do so without notice to you. We will also disclose Anonymous

Data (with or without compensation) to third parties, including advertisers and partners.

“Anonymous Data” means information which does not enable identification of an individual user so that

identification is irreversibly prevented, such as aggregated information about the use of our Service. Therefore,

such information does not constitute “Information” and use and disclosure of same does not affect any of your

rights under US, EU, Canadian or other applicable privacy laws.

We use standard analytics tools such as of Google Analytics and Hotjar.

Further information about how Google uses data when you use our service, is located at

http://www.google.com/policies/privacy/partners/.

We may use Hotjar in order to better understand our users’ needs and to optimize our service and experience͘

Hotjar is a technology service that helps us better understand our users’ experience (e͘g͘ how much time they

spend on which pages, which links they choose to click, what users do and don’t like, etc͘) and this enables us to

build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on

our users’ behavior and their devices͘ This includes a device’s IP address (processed during your session and

stored in a de-identified form), device screen size, device type (unique device identifiers), browser information,

geographic location (jurisdiction only), and the preferred language used to display our website. Hotjar stores this

information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the

data collected on our behalf.

Your Choice.

7.1

We request and collect minimal personal details that we need for the purposes described in this Policy. At any

time, you may opt to terminate your use of the Service according to the Service Terms and Conditions (see section

8 - Consumer Cancellation Rights) if you live in the EEA or UK.

Thereafter, we will stop collecting any Information from you. However, we will store and continue using or

making available certain Information that is related to you. For further information, please read the Security and

Data Retention section in this Policy.

7.2

Web browsers offer a “Do Not Track” (“DNT”) signal͘ DNT signal is a HTTP header field indicating your

preference for tracking your activities on the Service or through cross-site user tracking. Our Service does not

respond to DNT signals.

Specific Provisions for California Residents.

This section applies solely to individuals who reside in the State of California. We adopted this section to comply

with the California Consumer Privacy ct of 2018 (‘CCP

’) and any terms defined in the CCPA have the same

meaning when used in this section.

8.1

We have collected the following categories of Information from consumers within the last twelve (12) months:

Identifiers and Information categories listed in the California Customer Records statute (Cal. Civ. Code §

1798.80(e)). These include names, telephone number, postal address, online identifier Internet Protocol

address.

Commercial information such as products or services purchased, obtained, or considered, or other

purchasing or consuming histories or tendencies.

Internet or other electronic network activity information, including, but not limited to, browsing history,

search history, and information regarding a consumer’s interaction with the Service͘

Global-e Privacy Policy V20 July 2021

Geolocation data, such as physical location.

Inferences drawn from any of the information identified to create a profile about a consumer reflecting

the consumer’s preferences, characteristics, psychological trends, preferences, predispositions,

behavior, attitudes, intelligence, abilities and aptitudes.

8.2

We obtain the categories of Information listed above from the following categories of sources:

Directly and indirectly from you and your activity on our Service.

Third parties such as our retailers.

8.3

We use the Information we collect for one or more of the following business purposes:

To fulfill the reason for which the Information is provided.

To provide you with our products and services and to further develop and improve our products and

services.

To enforce our terms and as necessary to protect our rights.

To respond to law enforcement requests and as required by applicable law, court order, or

governmental regulations.

8.4

We disclose Information to third parties for business purposes as described above under the section titled

“Sharing Your Information with Others”͘

8.5

In the preceding twelve (12) months, We have disclosed the following categories of Information for business

purposes:

Identifiers, which We have shared with the following categories of third parties: service providers

involved in the performance of the fulfilment of the sales contract you entered into, including the

retailer;

Commercial information, which We have shared with the following categories of third parties: the

retailer of the merchandise you have purchased from us, the shipper that delivered your purchase to,

the bank or payment service provider that acquired the transaction for purchasing the merchandise;

In the preceding twelve (12) months, We have not sold Information.

Your California Rights

If you are a California resident, you may be entitled to the following specific rights under the CCPA regarding your

Information:

9.1

Access to Specific Information and Data Portability Rights

You have the right to request that we will disclose certain information to you about our collection and use of your

Information over the past 12 months. Upon confirmation of your request, We will disclose to you:

o The categories of Information We collected about you;

o The categories of sources for the Information We collected about you;

o Our business or commercial purpose for collecting that Information;

o The categories of third parties with whom we share that Information;

Global-e Privacy Policy V20 July 2021

o The categories of Information that we disclosed for a business purpose, and the categories of third parties to

whom we disclosed that particular category of Information;

o The specific pieces of Information We collected about you;

o If We disclosed your Information for a business purpose, we will provide you with a list which will identify the

Information categories that each category of recipient obtained.

9.2

Deletion Rights

You have the right to request that we delete any of your Information. Upon confirmation of your request, we will delete

(and direct our service providers to delete) your Information from our records, unless an exception applies.

9.3

Nondiscrimination Right

You have the right not to be discriminated against for exercising any of the aforementioned rights.

9.4

Exercising Your Rights

9.4.1.

To exercise the access, data portability, and deletion rights described above, please submit your request

to us by sending an email to: [email protected].

9.4.2.

Only you or a person authorized to act on your behalf, may make a request related to your Information.

You may also make a verifiable consumer request on behalf of your minor child. If you submit your

request through an authorized agent, we may request that the agent provide proof of your prior

authorization, as well as information necessary to verify your identity.

9.4.3.

A request for access can be made by you only twice within a 12-month period.

9.4.4.

We may ask you to provide additional information in order to verify your identity before we respond to

your request. We cannot respond to your request or provide you with the requested Information if we

cannot verify your identity or authority to make the request and confirm the Information relates to you.

We will only use the Information provided in your request to verify your identity or authority to make

the request.

9.4.5.

We will do our best to respond to your request within 45 days of its receipt. If we require more time (up

to additional 45 days), we will inform you of the reason and extension period in writing. If you do not

have an account with us, we will deliver our written response by mail or electronically, at your option.

9.4.6.

Any disclosures we provide will only cover the 12-month period preceding receipt of your request.

9.4.7.

The response we provide will also explain the reasons we cannot comply with a request, if applicable.

9.4.8.

For data portability requests, we will select a format to provide your Information that is readily useable

and should allow you to transmit the information from one entity to another entity without hindrance,

specifically by electronic mail communication.

9.4.9.

We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or

manifestly unfounded. If we determine that the request warrants a fee, we will inform you of the

reasons for such decision and provide you with a cost estimate before completing your request.

10.

Specific Provisions for Brazilian Residents.

If you are a Brazilian resident, you may be entitled to the following specific rights under the LGPD regarding your

Information.

10.1

Your LGPD Rights:

Global-e Privacy Policy V20 July 2021

10.1.1.

The right to anonymize, block or erase data that is unnecessary, excessive or processed in violation of

the LGPD;

10.1.2.

The right to erase data that was processed based on consent, unless an exception applies;

10.1.3.

The right to confirm and access the Information we collect about you;

10.1.4.

The right to port data to another service provider;

10.1.5.

The right to receive information about the public and private entities with whom the controller has

shared data;

10.1.6.

The right to receive information about the possibility of not providing consent (when it is required);

10.1.7.

The right to withdraw consent, when applicable;

10.1.8.

The right to lodge a complaint with the Brazilian Data Protection Authority; and

10.1.9.

The right to object to a processing activity when the processing activity violates the LGPD

10.2

Exercising Your Rights

10.2.1.

To exercise the rights described above, please submit your request to us by sending an email to:

[email protected].

10.2.2.

Only you or a person authorized to act on your behalf, may make a request related to your Information.

You may also make a verifiable consumer request on behalf of your minor child.

10.2.3.

We cannot respond to your request or provide you with the requested Information if we cannot verify

your identity or authority to make the request and confirm the Information relates to you. We will only

use the Information provided in your request to verify your identity or authority to make the request.

10.2.4.

We will respond to your request for access within 15 days of its receipt. If you do not have an account

with us, we will deliver our written response by mail or electronically, at your option.

10.2.5.

For data portability requests, we will select a format to provide your Information that is readily useable

and should allow you to transmit the information from one entity to another entity without hindrance,

specifically by electronic mail communication.

11.

Other Sites and Services.

11.1

The Service will contain links to third party websites and services that are not owned or controlled by Global-e

including third party payment providers. We are not responsible for the privacy practices or the content of third

party websites or services and your use of or connection to such links and websites is at your sole risk. You should

review their privacy policies.

12.

Children’s Privacy.

12.1

The Service is not structured to attract or be directed to children under the age of 16 years or the Minimum Age

applicable in each jurisdiction. Accordingly, we do not intend to collect Information from anyone we know to be

under 16 years or the relevant Minimum Age.

12.2

The Minimum Age for individuals in Canada, Brazil, Hong Kong and Singapore is 18.

12.3

If we learn that we have collected Information from a child under 16 years or an applicable Minimum Age, we

will delete that information quickly. If you believe that we have any such information, please contact us at:

[email protected].

Global-e Privacy Policy V20 July 2021

13.

Security and data retention.

13.1

The security of Information is important to us. We follow generally accepted industry standards, including the

use of appropriate administrative, physical and technical safeguards, to protect Information.

13.2

For example, certain sensitive Information (such as data relating to fraud) that we receive is processed over a

Secure Sockets Layer channel and is encrypted; and our payment gateway is Payment Card Industry compliant.

However, no method of transmission over the Internet, or method of electronic storage, is 100% secure.

13.3

Therefore, while we strive to use generally accepted means to protect your Information, we cannot guarantee

its absolute security or confidentiality. If you have any questions about security on the Service, you can contact

us at: [email protected].

13.4

We will retain your Information as follows:

a) Purchases, Transaction and Delivery Information (see section 1.1-1.3 above). We will keep your

purchases, transaction and delivery information for the duration of the business/commercial

relationship and thereafter for the length of the applicable statute of limitations in your jurisdiction (in

the UK, for example, the statute of limitations is generally 6 years);

b) Enquiries Information (see section 1.4 above). If you contact us, we will keep your enquiries

information for 12 months after you contact us;

c) Log files (see section 1.5 above). We retain log files information for 12 months after the date it was

collected.

13.5

For the avoidance of doubt, your Information will also be retained by us as necessary to and relevant to our

Service Terms and Conditions and our legitimate operations, including time necessary to identify, issue or resolve

legal proceedings, enforce our Service Terms and Conditions, to meet our reporting requirements and as

otherwise required in accordance with applicable law obligations.

13.6

We will take appropriate steps to delete or permanently de-identify Information at the point this information is

no longer needed by us for our legitimate business or legal obligations.

14.

Accessing and Correcting Your Information.

14.1

At any time, you can contact us at: [email protected] and request to access the Information that we

keep about you. We will ask you to provide us certain credentials to make sure that you are who you claim to be

and to the extent required under the applicable law, will make good-faith efforts to locate your Information that

you request to access. If you find that the information on your account is not accurate, complete or up-to-date,

please provide us the necessary information to correct it.

14.2

If you are eligible for the right of access under the applicable law, you can obtain confirmation from us of whether

we are processing Information about you and receive a copy of that data, so that you could:

verify its accuracy and the lawfulness of its processing;

request the correction, amendment or deletion of your Information if it is inaccurate or if you believe

that the processing of your Information is in violation of the applicable law.

14.3

We will use judgement and due care to redact from the data which we will make available to you, Information

related to others.

15.

Your EU and UK Data Subject Rights.

15.1

If EU and/or UK data protection law applies to the processing of your Information that can directly or indirectly

identify you, by Global-e, then the following terms apply.

Global-e Privacy Policy V20 July 2021

15.2

For the purpose of the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”) and the UK

General Data Protection Regulation and the UK Data Protection ct 2018 (together the “UK DP

”), Global-e is

the data controller. If you are located in the EEA, you may contact our EU-GDPR representative according to Art.

27 GDPR, Rickert Rechtsanwaltsgesellschaft mbH, Colmantstraße

15,

53225 Bonn, art-27-rep-global-

[email protected]. If UK data protection law applies to the processing of your Information, you may contact our UK

representative, Globale UK Limited, 154 Clerkenwell Rd, London EC1R 5AB, UK., email dataprotection@global-

e.com.

15.3

When we process your Information, the processing is based on the legal basis set out in Section 3 above for each

processing activity.

15.4

Access the Information that we keep about you. You have the right to obtain (i) confirmation as to whether

Information concerning you is processed or not and, if processed, to obtain (ii) access to such data and a copy

thereof. We may need to ask you to provide us certain credentials to make sure that you are who you claim you

are.

15.5

Rectify the Information that we keep about you. If you find that the data is not accurate, complete or updated,

then you may provide us with the necessary information to rectify it.

15.6

Delete your Information. In some cases, you have the right to obtain the erasure of Information concerning you.

We will review your request and use our judgment, pursuant to the provisions of the applicable law, to reach a

decision about your request. Restrict the processing of your Information. In some cases, you have the right to

obtain restriction of the processing of your Information.

15.7

Transfer your Information in accordance with your right to data portability. You have the right to receive the

Information concerning you which you have provided to us, in a structured, commonly used and machine-

readable format, and you have the right to transmit that Information to another controller without hindrance

from us. This right only applies when the processing of your Information is based on your consent or on a contract

and such processing is carried out by automated means.

15.8

Restrict processing to storage only. In certain circumstances, you have the right to require us to stop processing

your Information that we hold about you other than for storage purposes.

15.9

Object to processing of your Information. Information You have the right to object, on grounds relating to your

particular situation, at any time to processing of Information concerning you when such processing is based on

the legitimate interest of Global-e. Global-e may, however, invoke compelling legitimate grounds for continued

processing which override the your interests, rights and freedoms or for the establishment, exercise or defense

of legal claims.

15.10

Object to the processing of your Information specifically for direct marketing purposes. We do not conduct direct

marketing. When your Information is processed for direct marketing purposes by Retailers, you have the right to

object at any time to the processing of the Information for such direct marketing purpose. Please contact the

relevant Retailer directly to opt out of their marketing activities.

15.11

You have the right not to be subject to a decision based solely on automated processing, including profiling,

which produces legal effects concerning you or similarly significantly affecting you.

15.12

If you are located in the EEA, you have a right to lodge a complaint with a data protection supervisory authority

of your habitual residence, place of work or of an alleged infringement of the GDPR. If UK data processing laws

apply to our processing of your Information, you have a right to lodge a complaint with the UK Information

Commissioner’s Office͘

A summary and further details about your rights under EU data protection laws, is available on the EU

Commission’s website at: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens_en.

Note that when you send us a request to exercise your rights, we will need to reasonably authenticate your

identity and location. We will ask you to provide us credentials to make sure that you are who you claim to be

and will ask you further questions to understand the nature and scope of your request.

Global-e Privacy Policy V20 July 2021

If we need to delete data following your request, it will take time until we completely delete residual copies of

the data from our active servers and from our backup systems.

If you exercise one (or more) of the above-mentioned rights, in accordance with the provisions of applicable law,

you can request to be informed that third parties that hold your Information, in accordance with this policy, will

act accordingly.

15.13

To protect your Information and handle complaints relating to your Information, we have appointed a Data

Protection Officer, responsible for the management and safety of your Information. If you have any concerns

about the way we process your Information, you are welcome to contact our Data Protection Officer at:

[email protected]. We will investigate your inquiry and make good-faith efforts to respond

promptly.

16.

Transfer of Data Outside your Territory.

16.1

We may transfer your Information to the UK, United States, Israel and countries within the European Economic

Area (EEA).

16.2

We make sure that our data hosting service providers, or any other third party, provide us with adequate

confidentiality and security commitments.

16.3

If you are resident in a jurisdiction where transfer of your Information to another jurisdiction requires your

consent, then you provide us your express and unambiguous consent to such transfer.

16.4

If the transfer of your Information is governed by the LGPD, and your data is transferred to another jurisdiction

outside Brazil, your data will be secured by appropriate safeguards as set forth in LGPD Arts. 33, 34 and 35, in

particular, but without limitation to, by the use of the Standard Contractual Clauses for the transfer of data

between Brazil and other jurisdictions.

16.5

If the transfer of your Information is governed by the GDPR or UK GDPR, we transfer your Information outside

the EEA and UK (including your name, email address, physical address and telephone number) to shipping service

providers, the retailer of the merchandise your purchased from us, the payment services providers,

customs/clearance brokers and logistics providers who fulfil the order you placed with us which may have their

place of business in the U.S., only where the transfer is necessary for the performance of the contract between

you and us (i.e. for the purpose of fulfilment of your order and/or where we have implemented the European

Commission’s model contracts for the transfer of Information to third jurisdictions (i.e. standard contractual

clauses) unless the data transfer is to a jurisdiction that has been determined by the European Commission (for

transfers from the EE

) or the UK Information Commissioner’s Office (for transfers from the UK) to provide an

adequate level of protection for individuals’ rights and freedoms for their Information.

16.6

At this time, the U.S. is not recognized by the European Commission or the UK Information Commissioner’s Office

as a jurisdiction which offers an adequate level of data protection. Your Information, which is transferred to the

U.S., can be processed by U.S. law enforcement agencies, or any other entities under the applicable U.S. law. If

you are an EU citizen or resident, or if UK data protection laws apply to you, please note that U.S. laws place

limitations on remedies in respect of the processing of your Information by the U.S. authorities, including

limitations on the right or ability to bring a legal action to a court of law, or to appear in a court.

17.

Dispute Resolution.

17.1

We do periodical assessments of our data processing and privacy practices, to make sure that we comply with

this policy, to update the policy when we believe that we need to, and to verify that we display the policy properly

and in an accessible manner. If you have any concerns about the way we process your Information, you are

welcome to contact our privacy team at: [email protected]. We will investigate your query and make

good-faith efforts to resolve any existing or potential dispute with you. If you remain unhappy with the response

you received, you can also refer the matter to the UK Information Commissioner or the applicable data protection

authority in your jurisdiction.

Global-e Privacy Policy V20 July 2021

18.

Additional information for residents of the following jurisdictions:

18.1

Australia

For the purposes of this Policy, “Information” means any information or an opinion about an identified individual,

or an individual who is reasonably identifiable, whether the information or opinion is true, or opinion is recorded

in a material form. We are committed to keeping your Information secure and will use all reasonable precautions

to protect it from loss, misuse or unauthorized access or alteration. However, except to the extent liability cannot

be excluded due to the operation of statute including the Privacy Act 1988 (Cth), we exclude all liability (including

in negligence) for the consequences of any unauthorized access to, disclosure of, misuse of or loss or corruption

of your Information. We may disclose your information to overseas receptions as described in this Policy,

including to recipients located in the countries set out above in the section on ‘Transfer of Data Outside your

Territory’͘ We take reasonable steps to ensure that third party recipients of your Information that are located

outside Australia do not breach the Australian Privacy Principles and comply with privacy laws that are similar to

those of your jurisdiction, you acknowledge and agree that we cannot control the actions of third party recipients

and so cannot guarantee that they will comply with those privacy laws. Nothing in this Policy restricts, excludes

or modifies or purports to restrict, exclude or modify any statutory consumer rights or other rights under any

applicable law including the Competition and Consumer Act 2010 (Cth) or the Privacy Act 1988 (Cth). If you are

unhappy with this Policy or you have a complaint about compliance with the Australian Privacy Principles, please

to resolve your complaint within a reasonable time (and in any event within 30 days). If you are not happy with

how we have dealt with your complaint, you may submit a complaint to the Office of the Australian Information

Commissioner via the website at: https://www.oaic.gov.au/privacy/privacy-complaints/..

18.2

China Mainland

By agreeing to this Policy, you consent to your Information and sensitive personal Information being transferred

and collected, used, and disclosed in accordance with this Policy. Individuals must be notified at the point of

collection of the purposes for which the Information was collected and thereafter the Information can only be

used for those purposes unless consent is obtained for a new purpose.

In accordance with the terms of the applicable China Data Protection Law, you may have the following rights to

your Information, including the rights to request access to, and correction or deletion of, your Information, or

withdrawal of you consent to the processing of your Information, or cancellation of your account. To the extent

permitted by applicable China Data Protection Law, a fee may be chargeable by us for complying with a data

access request. In certain instances, applicable China Data Protection Law may allow us legitimately and properly

to refuse some of these requests; for instance, to comply with applicable legal obligations, to protect the

legitimate rights of third parties or to preserve the confidentiality of management deliberations.

For the purposes of this Policy, China Data Protection Law shall mean the Cybersecurity Law of the People's

Republic of China (“PRC”), and all related, then current data protection provisions under the PRC Civil Code, other

data protection related laws, regulations, administrative rules, administrative measures and national guidelines

effective in China Mainland (together as “China Data Protection Law”).

18.3

Hong Kong

Under the Personal Data (Privacy) Ordinance, individuals must be notified at the point of collection of the

purposes for which the data was collected and thereafter the data can only be used for those purposes unless

consent is obtained for a new purpose. If you are not happy with this Policy, you may submit a complaint to the

Office of the Privacy Commissioner for Personal Data. As a Hong Kong data subject you have legal rights in

relation to the Information we hold about you (to the extent permitted under applicable laws and regulations).

You are entitled to make a subject access request to receive a copy of the data we process about you, a data

correction request as well as a right to reject to the use of your Information for direct marketing purposes by

contacting our Data Protection Officer at [email protected]. A fee may be chargeable by us for complying with

a data access request.

18.4

India

Global-e Privacy Policy V20 July 2021

Where we permit any third parties to collect and use sensitive Information (such as bank account or credit card

information), we shall take reasonable measures to ensure that the third parties do not further disclose such

information.

To the extent provided by applicable laws and regulations, you may withdraw any consent you previously

provided to us for certain processing activities by contacting us at [email protected]. Where consent

is required to process your Information, if you do not consent to the processing or if you withdraw your consent

we may not be able to deliver the expected service.

18.5

Indonesia

If you are under the age of 21, you undertake that you have the consent of your parent or legal guardian to

You are responsible for making sure that any personal details which you provide to us are accurate and current.

In order to confirm the accuracy of the information, we may also verify the information provided to us, at any

time. You hereby represent that you have secured all necessary consent(s) before providing us with any other

person’s Information (for example, for referral promotions), in which case we will always assume that you have

already obtained prior consent, and as such, you will be responsible for any claims whatsoever from any party

arising as a result of the absence of such consent(s).

18.6

Japan

By clicking “accept”, you consent to the cross-border transfer of your information to any jurisdiction where we

have databases or affiliates and, in particular, to Ireland and Germany.

You may request us to notify you about the purposes of use of, to disclose, to make any correction to, to

discontinue the use or provision of, and/or to delete any and all of your Information which is stored by us, to the

extent provided by the Act on the Protection of Personal Information of Japan. When you wish to make such

requests, please contact us at [email protected].

18.7

Malaysia

In the event of any discrepancy or inconsistency between the English version and Bahasa Melayu version of this

Policy, the English version shall prevail.

In the event you are agreeing to this Policy in order for a minor to access and use the Service, you hereby consent

to the provision of Information of the minor to be processed in accordance with this Policy and you personally

accept and agree to be bound by the terms in this Policy. Further, you hereby agree to take responsibility for the

actions of such minor, and that minor’s compliance with this Policy͘

To protect your Information and handle complaints relating to your Information, we have appointed the

following department responsible for managing and protecting your Information. Our data protection officer,

responsible for the management and safety of your Information : [email protected].

18.8

New Zealand

We take reasonable steps to ensure that third party recipients of your Information located outside New Zealand

handle your Information in a manner that is consistent with New Zealand privacy laws. However, you

acknowledge that we do not control, or accept liability for, the acts and omissions of these third party recipients.

If you are under the age of 16, you undertake that you have the consent of your parent or legal guardian to

If you are dissatisfied with our response to your request for access to, or correction of, your Information or your

privacy complaint in respect of your Information, you may contact the Office of the New Zealand Privacy

Commissioner ( www.privacy.org.nz).

Global-e Privacy Policy V20 July 2021

While we take reasonable steps to ensure that third party recipients of your Information comply with privacy

laws that are similar to those of your jurisdiction, you acknowledge and agree that we cannot control the actions

of third party recipients and so cannot guarantee that they will comply with those privacy laws.

18.9

Philippines

We will not implement any material changes to the way we process your Information, as described in the Policy,

unless we have notified you and have obtained your consent to such material changes.

By consenting to this Policy, you consent to us:

• collecting and processing your Information as described in this Policy and for the purposes stated herein;

• sharing your Information with third parties, companies within our group, and a third party that acquires

substantially all or substantially all of us or our business, as described in this Policy and for the purposes

stated herein; and

• transferring or storing your Information in destinations outside the Philippines when the processing shall

need to occur outside the Philippines, such as in servers located in Ireland and Germany.

18.10

Singapore

By using the Services, you signify that you have read and understood this Policy. To the extent required under

applicable law, you also provide your consent to us collecting, using and disclosing your personal information in

accordance with this Policy.

We will transfer Information (including your name, email address, physical address and telephone number) to

shipping service providers, retailers of merchandise you purchase from us, payment services providers,

customs/clearance brokers and logistics providers who fulfil your orders. Information will be transferred only

where necessary for the fulfilment of your purchases.

Under the Personal Data Protection Act 2012, individuals must be notified at the point of collection of the

purposes for which the data was collected and thereafter the data can only be used for those purposes unless

consent is obtained for a new purpose.

As a Singaporean data subject you have legal rights in relation to the Information we hold about you (to the

extent permitted under applicable laws and regulations).

You are entitled to make a subject access request to receive a copy of the data we process about you, a data

correction request as well as a right to reject to the use of your Information for direct marketing purposes. We

will not charge any fee for complying with a data access request.

18.11

South Korea

We take the following steps to ensure the safety of personal information:

1. Administrative Measures: Establishment and implementation of internal management plans, regular

employee training, etc.

2. Technical Measures: Management of access rights to personal information processing system, installation of

access control system, encryption of unique identification information, installation of security programs.

3. Physical Measures: Control access to computer rooms, data storage rooms, etc.

We retain personal information for specified retention periods pursuant to certain tax and export controls laws

to which we are subject. We store, in an isolated and highly secured fashion, personal information recorded and

stored in the form of electronic files so that the records cannot be accessed or reproduced without strict

procedures and subject to meeting certain criteria of necessity. After the end of the relevant retention period,

personal information recorded and stored in electronic files will be securely destroyed using technical measures

to prevent the possibility of recovery and paper records will be either shredded or burned.

Global-e Privacy Policy V20 July 2021

The laws of Korea, including the Act on the Consumer Protection in Electronic Commerce, Etc. (E-Commerce

Consumer Protection Act), the Framework Act on Electronic Documents and Transactions, and the Protection of

Communications Secrets Act, require retention of certain types of information for a certain period of time, as

follows:

E-Commerce Consumer

Records of contracts or cancellation of orders shall be retained for

Protection Act

a period of five (5) years.

Records of payments and provision of goods shall be retained for a

period of five (5) years.

Records of consumer complaints or dispute resolution shall be

retained for a period of three (3) years.

Framework Act on Electronic

Records of electronic document distribution via certified electronic

Documents and Transactions

address shall be retained for a period of ten (10) years.

Protection of

Sign-in records shall be retained for a period of three (3) months.

Communications Secrets Act

We have designated the person in charge of personal information protection as follows in order to take full

responsibility for the handling of personal information, and to handle complaints from and remedy damages

suffered by our users related to our processing of personal information:

Personal Information Protection Officer

Name: Oded Griffel

Position: DPO

Contact Information: [email protected]

18.12

Taiwan

We do not knowingly collect or solicit Information from anyone under the age of 7 or knowingly allow such

persons to register on the Service. If you are under 7, please do not attempt to use or register for our Service or

send any Information about yourself to us. No one under the age of 7 may provide any Information to us while

using the Service. In the case of users located in Taiwan, persons under the age of 20 are required to obtain

parental/guardian consent prior to using the Service.

18.13

Thailand

By clicking “accept”, you acknowledge that you have read, understood, and agree to this Policy͘ If you do not

agree with this Policy, you must not use the Service.

You may request us to discontinue, to restrict the use or provision of, and/or to request for data portability of

any and all of your Information which is stored by us, to the extent provided by the Act on the applicable data

privacy laws and regulations in Thailand, including the Thai Personal Data Protection Act. When you wish to make

such requests, please contact us at [email protected].

We will give you notice by email of any changes to this Policy, and give you an opportunity to reject such changes,

failing which the changes will become effective as stated in the notice.

18.14

Vietnam

By accepting this Policy, you expressly agree and authorize us to collect, use, store, and process your Information,

including, lawfully disclosing and transferring it to third parties, as described in this Policy.

Global-e Privacy Policy V20 July 2021

19.

Changes to this Privacy Policy.

19.1

From time to time, we will update this policy. If the updates have minor if any consequences, they will take effect

7 days after we post a notice on the Service’s website͘ Substantial changes will be effective 30 days after we

initially posted the notice.

19.2

Until the new policy takes effect, if it materially reduces the protection of your privacy right under the then-

existing policy, you can choose not to accept it and terminate your use of the Service. Continuing to use the

Service after the new policy takes effect means that you agree to the new policy. Note that if we need to adapt

the policy to legal requirements, the new policy will become effective immediately or as required by law.

20.

Please contact us at: [email protected] for further information. You can contact our DPO at:

[email protected].

Global-e Privacy Policy V20 July 2021

Cookies Policy

Global-e (“Global-e” or “we”) wants to ensure that your use of our Service is smooth, reliable and as useful to you as

possible. To help us do this, we use cookies and similar technologies, such as tags/beacons and javascripts (“cookies”), to

make our Service relevant to your interests and needs.

What are cookies?

Cookies are small text files that are automatically placed on your computer or mobile device when you use our

Service. They are stored by your internet browser. Cookies contain basic information about your internet use.

Your browser sends these cookies back to our Service every time you revisit it, so it can recognize your computer

or mobile device and personalize and improve your browsing experience.

What re ‘Session’ and ‘Persistent’ Cookies?

“Session Cookies” are removed from your computer once you close your browser session͘

“Persistent Cookies” last for longer periods on your computer - after you close your browser session.

A user can delete previously set persistent cookies manually or configure the browser settings to delete cookies,

as further described below.

What re ‘First-party’ and ‘Third-party’ Cookies?

First-party cookies are set directly by the website that the user is visiting. For the purpose of this policy, these

are cookies that are set directly by our Service.

Third-party cookies are set by a domain other than the one visited by the user. For the purpose of this policy,

these are cookies that are set by Service on the checkout page.

What re ‘Similar Technologies’?

Functions usually performed by a cookie can be achieved by other means. This could include, for example, using

certain characteristics to identify devices so that visits to a website can be analyzed.

ny technology that stores or accesses information on a user’s device is relevant for this purpose, and therefore

it includes, for example, HTML5 local storage, Local Shared Objects and fingerprinting techniques.

Additionally, technologies like scripts, tracking pixels and plugins, wherever these are used - are also considered

as similar technologies. For example, the retailers may, conduct electronic marketing and incorporate a tracking

pixel in email messages. The pixels record information including the time, location and operating system of the

device used to read the email.

What type of cookies do we use?

We use both Session Cookies and Persistent Cookies as part of your experience on our Service so that we can

facilitate the use of the data’s features and tools, keep track of your preferences as well as improve our service

by creating better designs for you. Some cookies are strictly essential for the operation of our Service while other

cookies help to improve. The same rule goes for all the tracking technologies that we use. We have created a

detailed tracking technologies table page, which is attached as an Appendix A to this policy and is available here.

The table will provide you with a clear and comprehensive image of the tracking technologies that we use.

When a tracking technology contains Information, as indicated in Appendix A, then our Privacy Policy applies as

well.

The cookies we use fall into 3 categories. These categories are described below:

Global-e Privacy Policy V20 July 2021

Essential and functional cookies

Essential cookies are necessary to help you access and

move around our Service and use all its features. We also

use functional cookies, for example to remember your

language preferences to save you the trouble of having to

change every time you enter our Service. Without these

cookies, our Service would not work properly, and you

would not be able to use certain important features.

Analytics cookies

We use cookies to help us understand how visitors arrived

at our Service, how and how long they use it and how we

can improve their experience. This type of so-called

“analytics” cookies can provide us with anonymous

information to help us understand which parts of our

Service interest our visitors and if they experience any

errors. We use these cookies to test different designs and

features for our sites and we also use them to help us

monitor how our visitors reach our sites.

To place these cookies, we use Google Analytics. We have

set our Google Analytics to protect your privacy to the

maximum extent. For example, we have concluded a data

processing agreement with Google to protect your data.

We have also made sure that the last octet of your IP-

address is invisible and have turned off the setting which

allows sharing data with Google. We are also not using any

other Google Analytics related cookie services which are

offered by Google

Advertising, marketing and social

We only place advertising, marketing and social media

media cookies

cookies if you have given us your permission to do this.

Advertisement and marketing cookies collect information

about your browsing habits in order to make our content

and advertising as relevant to you and your interests as

possible. These cookies are also used to help us measure

the effectiveness of our advertising campaigns by tracking

the number of clicks. The cookies are usually placed by

third party advertising networks. They remember the

websites you visit and use this information to give you

access to interesting and exciting content on our Service

and to show you more personalized adverts when you

visit other websites. These cookies also help improve your

browsing experience, for example by helping to prevent

the same advertisement from continuously reappearing

to you.

Additionally, social media platforms such as Facebook and

Twitter can use cookies to see if you are logged in and

allow you to “like” content or forward it to your friends͘

Depending on your settings, these third parties may use

your information for their own purposes, such as

advertising. If you would like to know more how these

social media platforms use data, please refer to the

privacy notices of these platforms

Obtaining your consent for using tracking technologies

Global-e Privacy Policy V20 July 2021

We need your consent to use tracking technologies that are not essential and functional, as indicated above. If

you do not agree to accept our cookies or other tracking technologies that are not essential and functional for

the operation of our website, we will make commercially reasonable efforts to provide you with the same level

of services without using such cookies or other tracking technologies.

Withdrawing your consent

You can withdraw your consent to advertising, marketing and social media cookies by contacting

[email protected].

Managing your cookie settings and deleting cookies

As explained above, we only place advertising and targeting cookies (including tracking cookies) if you have given

us your consent for doing this. If you have given us your consent but would like the cookies that we have placed

to be removed, you can do this by deleting them via your browser͘ Search for “cookies” under your web browser’s

“Help menu” or “Setting” section͘

Here are some links to some commonly used web browsers: (a) Google Chrome; (b) Microsoft Edge; (c) Mozilla

Firefox; (d) Microsoft Internet Explorer; (e) Opera; (f) Apple Safari.

In addition, you can turn off certain third party targeting or advertising cookies by visiting the following links:

Network Advertising Initiative, the Digital Advertising Alliance Consumer Choice and Your Online Choices pages.

To find out more about cookies, including how to see what cookies have been set, you can visit the following

websites: www.aboutcookies.org and www.allaboutcookies.org.

Please note that, if you choose to delete Global-e cookies, your access to some functionality and areas of our

Service may be degraded or restricted.

Some web browsers offer a “Do Not Track” (“DNT”) signal͘ DNT signal is an HTTP header field indicating your

preference for tracking your activities on our services or through cross-site user tracking. This Service does not

respond to DNT signals.

Questions, comments or in need of help?

If you have any questions or if we can help you with something, we would be happy to assist if you contact us at:

[email protected].

10.

Changes to this policy

We update this policy, where needed. Every time we change this policy, we either send you an email about it or

post a notice on our Service. We will post a notice on our Service if our policy update includes substantial changes

and obtain your consent once again, where required under applicable laws.

This policy was last updated in July 2020.

Global-e Privacy Policy V20 July 2021

Appendix A: Tracking Technologies Table

Essential and functional cookies

These cookies are strictly essential for enabling your movement around our Service and providing access to features such

as your profile and purchases, member-only services, and other secure areas of our Service. This category of cookies

cannot be disabled.

Global-e Privacy Policy V20 July 2021

Name

Purpose & Expiration Date

First/Third Party Cookie

Main cookie used by both the Global-e

GlobalE_Data

First + Third Party

extensions and client libraries, this cookie

holds the browsing information of the

customer.

Exp. 72 Hours

GlobalE_Tags_Data

Cookie for analytics and statistics of the

First

client behavior on the website.

Exp. End of Session

GlobalE_CT_Data

This cookie holds a unique client identifier

First + Third Party

for a customer (per browser), which helps

Global-e to provide information about the

client behavior on a Global-e enabled

website.

Exp. 72 Hours

GlobalE_Welcome_Data

This cookie is placed in order to determine

First

whether the customer should be

presented with the Global-e welcome

popup.

Exp. 72 Hours

GE_CART_TOKEN

This cookie holds the card details, in case

First

the need to recreate the cart.

Exp. 72 Hours

GlobalE_GECT_Data

This cookie is used to distinguish unique

Third Party

users by assigning a randomly generated

number as a client identifier.

Exp. 2 Years

GloablEIsOperated

This cookie determine whether the

First

territory is operated.

Exp. 72 Hours

_cfduid

CloudFlare cookie, used to speed up load

Third Party

time. used to override any security

restrictions based on the IP address the

visitor is coming from. It does not contain

any user identification information.

Exp. 8 Month

forterToken

This cookie stores the Forter-generated

Third Party

device identifier. It identifies the browser

between browsing sessions

Exp.5 years

Global-e Privacy Policy V20 July 2021

Name

Purpose & Expiration Date

First/Third Party Cookie

Ftr_ncd

a flag used to make sure data is not sent

Third Party

more than once per predefined timeframe

Exp. 5 Years

Analytics Cookies

Analytics cookies collect information about how visitors use our Service. Our service providers can transfer relevant

information to third parties where required by law or where such third parties process such information on their behalf.

Name

Purpose & Expiration Date and Opt-Out

First/Third Party Cookie

_ga

This cookie is used to distinguish unique

Third Party

users by assigning a randomly generated

number as a client identifier.

Exp. 2 years

_gcl_au

Used by Google AdSense for

Third Party

experimenting with advertisement

efficiency across websites using their

services.

Exp. 10 Days

_gid

This cookie name is associated with

Third Party

Google Universal Analytics. store and

update a unique value for each page

visited.

Exp. 24 Hours

cid

This cookie is used to improve advertising

Third Party

for website visitors. It can redirect more

relevant advertisements to the visitor, and

helps improve reports on campaign

performance.

Exp. 1 Year

_fbp

Used by Facebook to deliver a series of

Third Party

advertisement products such as real time

bidding from third party advertisers.

Exp. 3 Months

Special provisions regarding Hotjar Cookies -

Global-e uses the services of Hotjar. To function properly, Hotjar stores first-party cookies on your browser. Cookies are

either set by the Hotjar script, or by visiting Hotjar’s website. When Global-e uses the Hotjar script on the website, Hotjar

cookies are responsible for displaying the correct content to you without personally identifying anyone.

If you are looking to not be tracked by Hotjar or any site that uses Hotjar, you may do so by following the steps on Do Not

Track page.

Global-e Privacy Policy V20 July 2021

Cookies set by the Hotjar script (not all are used by Global-e)

Name

Description

Duration

Hotjar cookie that is set once a visitor interacts

with an External Link Survey invitation modal. It is

_hjClosedSurveyInvites

365 days

used to ensure that the same invite does not

reappear if it has already been shown.

Hotjar cookie that is set once a visitor completes

a survey using the On-site Survey widget. It is

_hjDonePolls

365 days

used to ensure that the same survey does not

reappear if it has already been filled in.

Hotjar cookie that is set once a visitor minimizes

an On- site Survey widget. It is used to ensure

_hjMinimizedPolls

365 days

that the widget stays minimized when the visitor

navigates through your site.

Hotjar cookie that is set when a visitor minimizes

or completes Incoming Feedback. This is done so

_hjShownFeedbackMessage

that the Incoming Feedback will load as

365 days

minimized immediately if the visitor navigates to

another page where it is set to show.

Hotjar cookie that is set when the customer first

lands on a page with the Hotjar script. It is used to

persist the Hotjar User ID, unique to that site on

_hjid

365 days

the browser. This ensures that behavior in

subsequent visits to the same site will be

attributed to the same user ID.

This should be found in Session storage (as

opposed to cookies). This gets updated when a

_hjRecordingLastActivity

visitor recording starts and when data is sent

Session

through the WebSocket (the visitor performs an

action that Hotjar records).

When the Hotjar script executes we try to

determine the most generic cookie path we

should use, instead of the page hostname. This is

done so that cookies can be shared across

_hjTLDTest

Session

subdomains (where applicable). To determine

this, we try to store the _hjTLDTest cookie for

different URL substring alternatives until it fails.

After this check, the cookie is removed.

User Attributes sent through the Hotjar Identify

API are cached for the duration of the session in

_hjUserAttributesHash

Session

order to know when an attribute has changed and

needs to be updated.

This cookie stores User Attributes which are sent

_hjCachedUserAttributes

Session

through the Hotjar Identify API, whenever the

user is not in the sample. These attributes will

Global-e Privacy Policy V20 July 2021

only be saved if the user interacts with a Hotjar

Feedback tool.

This cookie is used to check if the Hotjar Tracking

Script can use local storage. If it can, a value of 1

is set in this cookie. The data stored

_hjLocalStorageTest

Under 100ms

in_hjLocalStorageTest has no expiration time, but

it is deleted almost immediately after it is

created.

This cookie is set to let Hotjar know whether that

_hjIncludedInPageviewSample

visitor is included in the data sampling defined by

30 minutes

your site’s pageview limit͘

This cookie is set to let Hotjar know whether that

_hjIncludedInSessionSample

visitor is included in the data sampling defined by

30 minutes

your site’s daily session limit͘

This cookie is used to detect the first pageview

_hjAbsoluteSessionInProgress

session of a user. This is a True/False flag set by

30 Minutes

the cookie.

Visitors with Disabled Cookies

Hotjar does not track or record visitors who have cookies disabled͘ In fact, the Hotjar script doesn’t properly load its

different components if it detects that cookies are disabled. Learn more

Cookies set can be categorized into essential and non-essential cookies.

Essential Cookies

Essential cookies serve to operate the Hotjar Website and its features in a workable fashion.

Name

Description

Duration

This cookie is set for logged in users of Hotjar who

have Admin Team Member permissions. It is used

_hjptid

Session

during pricing experiments to show the Admin

consistent pricing across the site.

This cookie is set when a page that supports

multiple languages on hotjar.com is visited. This

hjSiteLang

365 days

allows us to always load the content in the

preferred language when available.

Hotjar Opt-Out setting. More information can be

_hjOptOut

4 months

found on our Do Not Track Page

X-Access-Key

This cookie keeps your website session alive.

Session

Non-essential Cookies

Global-e Privacy Policy V20 July 2021

With your consent, non-essential cookies are set when you visit the Hotjar’s website. They serve to optimize the user

experience, provide us with insights about how users use the Hotjar’s website, or are used for marketing purposes.

To the extent Information is processed via these cookies, the respective legal basis is your consent in accordance with

Article 6(1)(a) GDPR. You may withdraw your consent at any time with future effect by adjusting your cookie settings.

Name

Description

Duration

New Relic cookie which is used to monitor session

JSESSIONID

Session

counts for an application. Read more

New Relic cookie which is only created in

NREUM

browsers that do not support the Navigation

Session

Timing API. Read more

New Relic cookie, created only when a token is

NRAGENT

handed out to an end-user by the New Relic

Session

server. Read more

This cookie is set by Optimizely to run tests on

Decided by

optimizely*

hotjar.com. Read more

Optimizley

This cookie is set by Mixpanel to run track usage

mp_*

Decided by Mixpanel

on hotjar.com.

This cookie is created by Hotjar to create a unique

segment_id

ID for users and is used to consistently trigger

1 year

experiments for example.

This cookie is set by Microsoft as a unique user ID.

MUID (Microsoft User ID)

The cookie enables user tracking by synchronizing

1 year

the ID across many Microsoft domains.

This cookie is set by LinkedIn Ads for ID syncing.

UserMatchHistory

30 days

This cookie is set by LinkedIn to keep track of the

bcookie

2 years

browser ID. Read more

A secure browser cookie set by LinkedIn. Read

bscookie

2 years

more.

This cookie is set by LinkedIn used for routing.

lidc

1 day