Merchant Privacy Policy
Last updated: 15 May 2026
1. Overview
This Merchant Privacy Policy (“Policy”) explains how MarlinX Technologies Pte. Ltd. (operating as “Directo”, “we”, “us”, “our”) collects, uses, discloses, and protects personal data about individuals associated with Merchants, including sole proprietors, business owners, authorised representatives, employees, and other contact persons, in connection with your use of Directo.
Where we process End Customer personal data through Directo-powered storefronts, we do so as a data intermediary on behalf of the Merchant. We handle personal data in accordance with the Personal Data Protection Act 2012 (“PDPA”) of Singapore.
2. Data We Collect
This Policy covers two categories of personal data we process in connection with providing Directo:
| Category | Examples | Our Role |
|---|---|---|
| Merchant Contact Data | Name, business email address, and business contact number of authorised representatives, business owners, and contact persons associated with the Merchant account | Responsible organisation |
| End Customer Personal Data | Email address and order-related information submitted through Directo-powered storefronts | Data intermediary, acting on the Merchant’s behalf |
3. How We Use Personal Data
A. Merchant Contact Data
We use this personal data for the following purposes:
- Setting up and managing your Merchant account and dashboard access
- Billing and account administration
- Sending service notices, account alerts, and service-related communications
- Detecting and responding to suspected fraud, abuse, security incidents, or prohibited use
- Enforcing the Merchant Terms of Service and Acceptable Use Policy
- Complying with legal obligations and responding to lawful requests from authorities
- Sending marketing communications about Directo products and features, where permitted under applicable law. You may opt out of marketing communications at any time.
B. End Customer Personal Data
We process End Customer personal data as a data intermediary on behalf of the Merchant and in accordance with the Merchant’s instructions, except where processing is required by applicable law or reasonably necessary to maintain the security and integrity of Directo. We do not use End Customer personal data for Directo’s unrelated marketing, profiling, or resale.
When an End Customer places an order through a Directo-powered storefront, we collect the End Customer’s email address and order-related information for the following purposes:
- Checkout and order processing: to enable End Customers to complete purchases through your store
- Order records: to make order-related information available to you for the purpose of fulfilling and managing orders
You are responsible for ensuring that End Customer personal data made available to you through Directo is used solely for order fulfilment, customer service, and related lawful business purposes.
4. Sharing and Disclosure
We do not sell or rent identifiable Merchant personal data or End Customer personal data to third parties. We may disclose personal data, where necessary, to:
- Service providers: Cloud hosting providers, payment service providers, communication tools, and other vendors that support the operation of Directo, engaged under appropriate contractual protections.
- Professional advisers: Lawyers, accountants, auditors, and insurers, where necessary and subject to confidentiality obligations.
- Authorities: Government, regulatory, law enforcement, court, or other public authorities where required or permitted by applicable law.
- Business transfers: In the event of a merger, acquisition, restructuring, or sale of assets, relevant data may be transferred to the successor entity, subject to applicable legal requirements.
5. Retention
We retain personal data only for as long as necessary for the purposes described in this Policy or as required by applicable law.
| Data Category | Retention Period |
|---|---|
| Merchant Contact Data | Duration of Merchant relationship, plus up to 7 years where required for accounting, tax, legal, or dispute purposes |
| End Customer Personal Data | As directed by the Merchant, subject to retention reasonably required for legal, security, dispute, audit, or operational continuity purposes |
| Audit logs and security records | Up to 3 years, or longer where required for security, legal, or dispute purposes |
Where personal data is no longer required, we will securely delete or anonymise it.
6. Security
We implement reasonable security measures to protect personal data against unauthorised access, disclosure, alteration, or destruction, which may include encryption, access controls, and incident response procedures. No system is completely secure, and we do not guarantee absolute security.
7. Your Rights Under the PDPA
Subject to the exceptions and limitations set out in the PDPA, you may request access to or correction of personal data we hold about you. Where we rely on consent to process your personal data, you may withdraw that consent at any time, though this will not affect processing already carried out and may impact our ability to provide certain services.
To make a request, please contact us at support@marlinxtech.com. We will respond within the timelines required under applicable law.
8. Overseas Transfers
We may engage overseas service providers, including cloud hosting and infrastructure providers, in connection with operating and supporting Directo. Where personal data is transferred outside Singapore, we take reasonable steps to ensure that the receiving party provides a standard of protection comparable to that required under the PDPA, including through appropriate contractual protections where applicable.
9. Data Breach
In the event of a data breach involving personal data we process as the responsible organisation, we will assess the breach and notify the PDPC and, where required, affected individuals in accordance with applicable law.
Where we process End Customer personal data as a data intermediary on your behalf, we will notify you of any material actual or reasonably suspected data breach involving End Customer personal data as soon as reasonably practicable after we become aware of the incident and complete a reasonable initial assessment.
You must promptly notify us at support@marlinxtech.com of any suspected or confirmed security incident that may affect our systems or data.
10. Cookies
Our Merchant dashboard uses cookies for authentication, session management, and to maintain, secure, and improve dashboard functionality. Some browser settings may allow you to block or delete cookies, but this may affect certain features.
11. Changes
We may update this Policy from time to time. Where changes are material, we will provide you with reasonable prior notice via your registered account email address or through the Merchant dashboard, unless changes are required immediately for legal, regulatory, or security reasons.
12. Contact
For any questions, requests, or complaints relating to this Policy or our data protection practices, please contact us at:
MarlinX Technologies Pte. Ltd.
Email: support@marlinxtech.com
Singapore
If you are not satisfied with our response, you may contact the Personal Data Protection Commission of Singapore at www.pdpc.gov.sg.