Purchasing of Merchandise
Payment: If you purchase any merchandise through Sapelle Service, you will be required to provide Sapelle Service information regarding your credit card or another payment instrument. You represent and warrant to Sapelle Service that such information is true and that you are authorized to use the payment instrument. You will be responsible for all taxes associated with your purchase of merchandise through the Service.
Loss and Cancellation: Title and risk of loss for all merchandise ordered by you will pass to you on our delivery to the shipping carrier. We reserve the right to cancel any order for any merchandise for any reason.
Protecting You
The Sapelle is owned and operated by Sapelle. Sapelle (“Sapelle”, “we,” “us,” “our”) is committed to protecting your privacy. At Sapelle, we never share our customers’ data with third parties in any way. We use the information that you provide for such purposes as responding to your requests, customizing future shopping for you, improving our stores, and communicating with you. We always try to personalize and continually improve your Sapelle shopping experience.
Please note that use of the Website by you is subject to this privacy policy (the “Policy”) and the Website’s terms and conditions of use (“Terms and Conditions”). In this Policy a word/term used with a capital letter is defined in the Terms and Conditions or elsewhere in this Policy.
Our Policy explains what information we collect on the Website, how we use and/or share this information, and how such information is maintained by us. By using this Website, you signify your acceptance of this Policy. If you do not agree to the terms of this Policy, in whole or part, you should not use this Website. Please note that this Policy applies only with regard to the information collected on the Website and not any information collected or obtained through other methods or sources.
Our Policy ensures that any information you provide us remains private and secure. To reassure you, below we provide details of the information you provide to us, and how it will and, more importantly, will not be used. We will never collect sensitive information about you without your explicit consent. The information we hold will be accurate and up to date. You can check the information that we hold about you by contacting us (and there may be an administrative fee payable for this). If you find any inaccuracies we will delete or correct them promptly.
Personally Identifiable Information – PII that we collect
We collect personally identifiable information (“PII”) that is volunteered during Registration or in response to specific information requests explicitly presented to you.
We may also collect your IP (Internet Protocol) address to help diagnose problems with our server and to administer this Website. An IP address is a number that is assigned to your computer when you use the Internet. Your IP address is also used to help identify you during a particular session and to gather broad demographic data.
We may ask for your e-mail address during your use of the Website. Also, to purchase Vouchers you may be requested to provide any or all of the following PII: first and last name, postal address, e-mail address, date of birth, telephone number and details of a payment mechanism, such as credit card details.
Use and Sharing of PII
All PII is retained in accordance with the Data Protection Act 1998 and other applicable data protection laws in Australia.
We use PII to provide you with information about Sapelle, to properly provide you with the Service and for marketing ourselves to you. It is our policy not to sell or pass any PII to any third party organizations (outside our group companies) unless we are required to do so for fraud prevention and detection. We will never sell or rent your PII to anyone else for their marketing or any other commercial purposes without your prior consent.
However, we may pass your PII to our agents and subcontractors to help us with any of our uses of your data set out in this Policy. For example, we may use third parties to provide us with marketing or customer service assistance or send it to a credit card provider to process a payment.
We also always reserve the right to disclose PII in order to:
(a) comply with applicable laws;
(b) respond to governmental inquiries (or inquiries from a legal, governmental or quasi-governmental or local authority agency or Internet protection agency of any type);
(c) comply with a valid legal process or procedure;
(d) protect our rights or property, this Website, and/or other users of this Website.
Please note that as part of any PII sharing which we list above, we may send your information internationally including to countries outside the European Economic Area. Some places outside of the EEA may not have adequate data protection laws at all or may offer differing levels of protection of personal information which are not as high as in Australia. By submitting PII to us, you acknowledge that provided we have used your data in the ways set out in this Policy, we cannot be held responsible for any use of your data by third parties who receive and process your data.
Cookies
We use “cookies”, a technology to store data on your computer using the functionality of your browser. A lot of websites do this, because cookies allow the website publisher to do useful things like finding out whether the computer (and probably its user) has visited the site before. You can usually modify your browser to prevent cookie use – but if you do this the Service (and the Website) may not work properly. The information stored in the cookie is used to identify you. This enables us to operate an efficient service and to track the patterns of behavior of visitors to the website.
Also, in the course of serving advertisements to this Website (if any), third-party advertisers or ad servers may place or recognize a unique cookie on your browser. The use of cookies by such third party advertisers or ad servers is not subject to this Policy but is subject to their own respective privacy policies. (Please note that use of the Website is neither intended for, nor directed to, children under the age of 18.)
Emails
Please note that we may email you for the following purposes:
As part of the Service. For example, we send (or may send) emails to you in some of the following example circumstances:
- After Registration, notifying you of your account details;
- As reminder emails about the services we offer (particularly if you have not used them yet or not used them for a while);
- To send you information or Vouchers which you have asked for;
- As a newsletter;
- As promotional emails;
- To offer related services to you from Sapelle
However, in terms of any marketing or promotional emails we may send, we will always give you the chance to opt-out (or unsubscribe) from them in the future.
Security and Retention
The PII which we hold will be held securely within our systems in accordance with our internal security policy and the law. We hold data until 3 years after it is last accessed or used by us.
Regarding information transmitted between the Website and/or users, while we take reasonable precautions to safeguard this information, we may be unable to prevent unauthorised access to such information by third parties or inadvertent disclosure of such information during transit. Users acknowledge this risk when communicating with the Website.
Transfer in Certain Circumstances
If there is a sale, merger, consolidation, change in control, transfer of substantial assets, reorganisation or liquidation of Sapelle then, in our sole discretion, we may transfer, sell or assign information collected on and through this Website (including, without limitation, PII and other information), to one or more relevant third parties.
Customer Service
If you have any questions or concerns, or if you wish to request access to your personal information held by Sapelle, please feel free to contact us.
Disclaimer
When purchasing products from this Website, the Customer acknowledges and accepts that payment for the products will be transferred to third-party operated payment systems. The Customer’s basic financial information may be disclosed to the third-party operated payment systems and its operating/controlling entity.
All information received by the third-party operated payments systems and its operating/controlling entity shall be managed in accordance with its Privacy Statement and Terms and Conditions found HERE. The Customer waives all rights to bring legal proceedings against the third-party operated payment systems and its operating/controlling entity in regard to the entity’s capacity to receive payments for the operation of the Website in relation to products supplied by the Website operator as a result of payment from the Website.
Changes to this Policy
Please note that this Policy forms part of the Terms & Conditions for use of this Website and forms part of the Agreement between you and us. We may, from time to time, amend this Policy, in whole or part, in our sole discretion. Any changes to this Policy will be effective immediately upon the posting of the revised policy on the Website. Depending on the nature of the change, we may announce the change: (a) on the home page of the Website, or (b) by email, if we have your email address. However, in any event, by continuing to use the Website following any changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, you must terminate your use of the Website.
Secure communications
The SSL/TLS protocols are the basis for secure communications on the web. They are also under constant attack. Security experts try to stay one step ahead of cyber attackers by studying the SSL/TLS protocols for vulnerabilities. The POODLE and Heartbleed vulnerabilities were the results of such studies. To help keep your integration safe from current and future security threats, we recommend that you follow the best practices outlined below.
Discontinue use of the VeriSign G2 Root Certificate
The public Certificate Authority industry is actively phasing out 1024-bit Root Certificates in favor of more secure 2048-bit Root Certificates. As a result, you need to discontinue use of SSL connections that rely on the older 1024-bit certificates, such as the VeriSign G2 Root Certificate.
Upgrade to SHA-256 SSL Certificates
SHA-1 is a 22-year-old cryptographic algorithm that is being threatened by increases in computing power. You need to transition from using SSL certificates that utilize SHA-1 to the stronger SHA-256 signing algorithm.
Use TLS version 1.2 or higher
PayPal has updated its services to require TLS 1.2 or higher for all HTTPS connections. TLS versions 1.0 and 1.1, as well as SSL versions 1.0, 2.0 and 3.0, are older protocols with known vulnerabilities that have been deprecated.
In addition, PayPal also requires HTTP/1.1 for all connections.
Let the protocol negotiate the highest version
Because Internet protocols change frequently in response to threats, we do not recommend that you hard code your integration to a specific version. Instead, we recommend that you allow the protocol to negotiate the highest version automatically.
Do not hard code specific ciphers
The following are several reasons why you should not hard code specific ciphers in your integrations:
- Ciphers such as RC4 and DES are widely used for TLS but have been shown to be insecure and vulnerable to attack.
- More advanced ciphers, such as AES and GCM, while among the strongest available today, may prove to be vulnerable in the future.
- Security exploits may cause PayPal to disable certain ciphers in the future.
To minimize your vulnerability to current and future threats, we recommend that you do not specify particular ciphers in your integrations.
Allow Perfect Forward Secrecy
Perfect Forward Secrecy (PFS) is designed to prevent the compromise of a long-term secret key from affecting the confidentiality of past or future conversations. We recommend that you implement PFS in your integration.
With PFS implemented, any secure transmissions you have recorded in the past are still secure and cannot be compromised, even if a current key is compromised. The same holds true for future transmissions. Without PFS, if a single transmission is compromised, then all past and future transmissions could be compromised.
When implementing PFS, you need to allow the protocol to negotiate the highest version of TLS and never use hard coded specific ciphers. When PFS is enabled, the TLS protocol negotiation is taken care of on the PayPal side. Be sure not to restrict Diffie-Hellman Key Exchange (DHE) or Elliptic Curve Diffie–Hellman (ECDHE) ciphers in your integration.
A visual representation of PFS can be found here: PFS architecture diagram.
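The version, cipher and PFS recommendations above can be checked mechanically on a client configuration. The following is an added example, not code from PayPal or from this site: it uses Python's standard `ssl` module, and the function names and finding labels are hypothetical. It builds one context that follows the guidance and one that hard codes a version and static-RSA ciphers, then audits both.

```python
import ssl

TLS12 = ssl.TLSVersion.TLSv1_2

def recommended_context() -> ssl.SSLContext:
    """Floor at TLS 1.2, no ceiling, library-default cipher list."""
    ctx = ssl.create_default_context()   # certificate and hostname checks stay on
    ctx.minimum_version = TLS12          # refuse TLS 1.0/1.1 and SSL
    return ctx                           # maximum_version and ciphers left untouched

def pinned_context() -> ssl.SSLContext:
    """Anti-pattern: one protocol version and static-RSA suites hard coded."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = TLS12
    ctx.maximum_version = TLS12          # can never negotiate a newer version
    # RSA key exchange only: no DHE/ECDHE, so no forward secrecy on TLS 1.2
    ctx.set_ciphers("AES256-GCM-SHA384:AES128-GCM-SHA256")
    return ctx

def legacy_suites(ctx: ssl.SSLContext) -> list:
    """TLS 1.2-and-older suite names. TLS 1.3 suites are always forward
    secret and are not changed by set_ciphers(), so they are skipped."""
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]

def audit(ctx: ssl.SSLContext) -> list:
    """Return labels for every setting that departs from the guidance."""
    findings = []
    if ctx.minimum_version < TLS12:
        findings.append("min-below-tls12")
    if ctx.maximum_version != ssl.TLSVersion.MAXIMUM_SUPPORTED:
        findings.append("max-version-pinned")
    suites = legacy_suites(ctx)
    if sorted(suites) != sorted(legacy_suites(ssl.create_default_context())):
        findings.append("cipher-list-overridden")
    if suites and not any(n.startswith(("ECDHE-", "DHE-")) for n in suites):
        findings.append("no-forward-secrecy")
    return findings

if __name__ == "__main__":
    for name, ctx in (("recommended", recommended_context()),
                      ("pinned", pinned_context())):
        print(name, audit(ctx) or "ok")
```

The cipher-list comparison is a heuristic against the local library default, so it flags any override, including a stricter one that still deserves review when the library is upgraded.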
Stay vigilant
As much as we’d like integration to be a one-time, future-proof activity, the threat of cyber-attacks requires constant vigilance. PayPal is continuously working to protect our merchants and stay ahead of trends in Internet security. To reduce your vulnerability, be sure to check your integration against industry best practices on at least an annual basis. Following the minor steps outlined above can make a major difference to the security of your integration.
Sapelle Service’s Proprietary Rights
Service Content, Software and Trademarks: You are only authorized to use the Sapelle Service for the purpose of engaging in business transactions with Top Trendy Goods. You may not use any automated technology to scrape, mine or gather any information from Sapelle Service or otherwise access the pages of Sapelle Service for any unauthorized purpose. If you are blocked by Sapelle Service from accessing Sapelle Service (including by blocking your IP address), you agree not to implement any measures to circumvent such blocking (e.g., by masking your IP address or using a proxy IP address). The technology and software underlying the Sapelle Service or distributed in connection therewith are the property of Sapelle, our affiliates and our partners (the “Software”). You agree not to copy, modify, create a derivative work of, reverse engineer, reverse assemble or otherwise attempt to discover any source code, sell, assign, sublicense, or otherwise transfer any right in the Software.
Sapelle Service may contain images, artwork, fonts and other content or features (“Service Content”) that are protected by intellectual property rights and laws. Except as expressly authorized by Sapelle, you agree not to modify, copy, frame, rent, lease, loan, sell, distribute or create derivative works based on the Sapelle Service or the Service Content, in whole or in part. Any use of the Sapelle Service or the Service Content other than as specifically authorized herein is strictly prohibited. Any rights not expressly granted herein are reserved by Sapelle.
The Sapelle name and logos are trademarks and service marks of Sapelle (collectively the “Sapelle Trademarks”). Other company, product and service names and logos used and displayed via the Sapelle Service may be trademarks or service marks of their respective owners who may or may not endorse or be affiliated with or connected to Sapelle. Nothing in these Terms of Service or the Sapelle Service should be construed as granting any license or right to use any of Sapelle Trademarks displayed on the Sapelle Service, without our prior written permission in each instance. All goodwill generated from the use of Sapelle Trademarks will inure to Sapelle’s exclusive benefit.
Third Party Material: Under no circumstances will Sapelle be liable in any way for any content or materials of any third parties (including users), including, but not limited to, for any errors or omissions in any content, or for any loss or damage of any kind incurred as a result of the use of any such content or materials. To the maximum extent permitted under applicable law, the third party providers of such content and materials are express and intended third party beneficiaries of these Terms of Services with respect to their content and materials.
Sapelle may preserve content and may also disclose content if required to do so by law or in the good faith belief that such preservation or disclosure is reasonably necessary to: (a) comply with legal process, applicable laws or government requests; (b) enforce these Terms of Service; (c) respond to claims that any content violates the rights of third parties; or (d) protect the rights, property, or personal safety of Top Trendy Goods, its users or the public.