Overview
In order to create a safe, standardized, and orderly development environment and ensure the legitimate rights and interests of Developers (ISVs) and their Users (Lazada sellers), this Platform Rules and Penalty Measures (“Platform Rules”) is formulated according to Lazada Open Platform Developer Agreement and the Lazada Policies. These Platform Rules apply to all Developers and their Applications on Lazada Open Platform. All capitalised Terms used herein without definition shall have the meanings ascribed to them in the Developer Agreement.
Platform Rules
1. Dormant Applications and Accounts
1.1. In accordance with Clause 2.9 of the Developer Agreement, Applications may be limited (i.e. put into Hibernation Mode), suspended or removed if:
(a) an Application is not made available online to Users within 90 consecutive days after its creation or last availability; or
(b) no API calls are made by the Application within a duration of 90 consecutive days, (referred to as a “Dormant Application”).
1.2. In accordance with Clause 2.9 of the Developer Agreement, an Account may be limited, disabled, suspended, or terminated by Lazada at our sole and absolute discretion without prior notice or liability if:
(a) the Developer has not uploaded any Application within 90 consecutive days after the creation of the Account;
(b) the Account has not passed the verification review by Lazada within 90 consecutive days after the creation of the Account; or
(c) all Applications created by such Account are deemed to be dormant for more than 30 days, (referred to as a “Dormant Account”).
2. API Monitoring
ISV must regularly monitor the API call success rates and make necessary improvement in a timely manner as may be notified by Lazada from time to time.
Lazada reserves the right to take the penalty measures prescribed in Section 4 below if the API call success rate by an Application is deemed to be consistently low, or the response of the ISV is deemed or unsatisfactory by Lazada.
3. Vulnerabilities and Security Testing
3.1. Lazada may test your Application from time to time using either manual security testing methods or automated security testing methods in accordance with Clause 5.3 and Schedule 1 of the Developers’ Agreement.
3.2. Lazada may notify you of any Vulnerabilities identified by Lazada, and require you to undertake remedial actions to rectify or mitigate the Vulnerabilities within the following timeline (or such other timeline determined by Lazada), depending on the risk rating for such Vulnerability, which shall be determined by Lazada at its sole discretion:
| Risk Rating |
Description |
No. of Days from Notification to Complete Remedial Actions |
| Critical |
Critical risk or vulnerabilities that place Lazada Content at immediate risk of Data Breaches |
Max. 14 days |
| High |
Severe risk that should be addressed immediately to protect Lazada Content |
Max. 30 days |
| Medium |
Unnecessary security risks that can lead to more serious vulnerabilities |
Max. 60 days |
| Low |
Areas of improvement to reduce risk |
Max. 90 days |
3.3. Upon such notification, you shall promptly propose to Lazada in writing the remedial actions to rectify or mitigate the vulnerabilities in a manner which is reasonably satisfactory to Lazada. Upon Lazada’s approval (which may be withheld in Lazada’s sole and absolute discretion), you shall complete such rectification or mitigation at your own cost and expense within the relevant timeline as set out in in these Platform Rules or such other timeline as may be determined by Lazada at its sole discretion.
3.4. Without prejudice to any other rights or remedies that the Lazada Group may have under the Developer Agreement and the Terms of Use, Lazada may take one or more of the measures as set out in the Section 4 below against the Developer or the Application if it becomes aware or reasonably suspects that the Developer is unable to remedy or fix such Vulnerabilities or is otherwise in breach of the data protection requirements.
3.5. Lazada reserves the right to suspend or terminate the Developer’s access to Personal Data immediately if Lazada becomes aware or reasonably suspects that a Data Breach has been suffered by the Developer without liability to the Developer.
4. Penalty Measures to Violations
4.1. Developers must comply with the Lazada Open Platform Developer Agreement, the Lazada Policies, Platform Rules and other terms and conditions that are published by Lazada from time to time on the Platform and/or otherwise communicated to the Developer.
4.2. For the purposes of imposing the following penalty measures, Lazada’s assessment of the Developer’s violation of the Developer Agreement, Lazada’s Policies and Platform Rules are final, and Lazada may take one or more of the following measures against the Application or Developer depending on the circumstances:
