Spott Community Association Website Privacy Policy

Who we are

Our website address is: https://www.spottvillage.org.uk.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service Privacy Policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Stripe Card Payments Privacy Policy

Global Privacy Policy — Worldwide
Last updated: April 28, 2021

Stripe provides economic infrastructure for the internet. Businesses of all sizes use our software and services to accept payments and manage their businesses online. Stripe cares about the security and privacy of the personal data that is entrusted to us.

This policy describes the Personal Data that we collect, how we use and share it, your rights and choices, and how you can contact us about our privacy practices.

Stripe (“Stripe”, “we”, “our” or “us”) provides its services globally and the Stripe entity responsible for the collection and use of personal data under this Privacy Policy differs depending on your country.

We may collect and use personal data when we do business with you or when you do business with those that use our services. Some of our services may be accessed directly by you, including through our websites that reference this policy (e.g. stripe.com) (collectively “Sites”). Many of our services are provided to others in connection with their own business and activities, and you may engage with Stripe services as part of another’s service, such as when you make a payment to a merchant and we provide the payment processing services to that merchant through Stripe Checkout (collectively, we refer to Sites and direct and indirect services as “Services”). This policy applies to Stripe’s own Services. Websites, products and services of third-parties and some affiliates of Stripe are subject to their own separate privacy policies.

This Privacy Policy includes important information about your Personal Data and we encourage you to read it carefully.

1. Overview
Stripe obtains Personal Data about you from various sources. “You” may be a visitor to one of our Sites (“Visitor”), a user of one or more of our Services (“User” or “Stripe User”), or a direct or indirect customer of a User (“Customer”). If you are a Customer, your agreement with the relevant Stripe User should explain how the Stripe User shares your Personal Data with Stripe. If you have questions about this sharing, then you should direct those questions to the Stripe User.

You can also visit Stripe Privacy Center for more information about our privacy practices.

2. Personal Data We Collect
a. Personal Data that we collect about you

Personal Data is any information that relates to an identified or identifiable individual, and can include information about how you engage with our Services (e.g. device information, IP Address). In many cases, the Personal Data that you provide directly to us through our Services will be apparent from the context in which you provide the data:

When you register for a Stripe account on our Site we collect your full name, email address, and account log-in credentials.
When you fill-in our online form to contact our sales team, we ask for your name, contact information, country, and other information about your interest in our Services.
When you authorize us to store information about you in connection with Stripe Checkout, we collect your name and contact information and information about your stored payment methods (e.g. payment card number, CVC code and expiration date). Learn More.
When you submit your ID and/or a “Selfie” for purposes of verification. Learn More.
When you respond to Stripe emails or surveys, we collect your email address, name and any other information you choose to include in the body of your email or responses. If you contact us by phone, we will collect the phone number you use to call Stripe, as well as other information you may provide during the call. If you are a Stripe User or Customer, when you contact us, we may collect additional information in order to verify your identity.
If you are a Stripe User, you will provide your contact details, such as name, postal address, telephone number, and email address. As part of your business relationship with us, we may also collect financial and personal information about you, such as your date of birth and government identifiers associated with you and your organization (such as your social security number, tax number, or Employer Identification Number). You may also choose to provide bank account information.
If you are a Customer, when you make payments to, or transact with a User through Stripe’s Services or a Stripe provided device, we will receive your transaction information. If you are transacting directly with Stripe, we receive the information directly from you. If you are transacting with a User, depending on how they integrated our Services, we may receive this information directly from you, from the Stripe User or third parties. The information that we collect will include payment method information (such as credit or debit card number, or bank account information), purchase amount, date of purchase, and in some cases, some information about your purchases. Different payment methods may require the collection of different categories of information. The payment method information that we collect will depend upon the payment method that you choose to use from the list of available payment methods that are offered to you at the time of check-out. We may also receive your name, email, billing or shipping address and in some cases, your transaction history to authenticate you.
In connection with fraud monitoring, prevention, detection, and compliance activities for Stripe and its Users, we receive identity related from the following sources:

From Customers (including through their devices (e.g. IP Addresses)) related to Customers.
From Users about themselves and their Customers, including as collected through our Services.
From our business partners, financial service providers, identity verification services, and publicly available sources.
This Personal Data (e.g., name, address, phone number, country) helps us to confirm identities and prevent fraud. We may also use technology to assess the fraud risk associated with an attempted transaction by a Customer with a Stripe User.

You may also choose to submit information to us via other methods, including: (i) in response to marketing or other communications, (ii) through social media or online forums, (iii) through participation in an offer, program or promotion, (iv) in connection with an actual or potential business relationship with us, or (v) by giving us your business card or contact details in connection with trade shows or other events.

b. Information that we collect automatically on our Sites and through marketing of our products

Our Sites use cookies and other technologies. These technologies record information about you, including:

Browser and device data, such as IP Address, device type, operating system and Internet browser type, screen resolution, operating system name and version, device manufacturer and model, language, plug-ins, add-ons and the language version of the Sites you are visiting.
Usage data, such as time spent on the Sites, pages visited, links clicked, language preferences, and the pages that led or referred you to our Sites.
Online activities. We collect information about your online activities on websites and connected devices over time and across third-party websites, devices, apps and other online services.
We collect information when you engage with our marketing messages and when you click on links included in ads for our products. We use Google Analytics on our Sites to help us analyze your use of our Sites and diagnose technical issues.
To learn more about the cookies that may be served through our Sites and how You can control our use of cookies and third-party analytics, please see: Cookie Policy and Cookies & Other Technology.

3. How We Use Personal Data
a. Our Services

We rely upon a number of legal grounds to enable our use of your Personal Data. We use Personal Data to facilitate the business relationships we have with our Users, to comply with our financial regulatory and other legal obligations, and to pursue our legitimate business interests. We also use Personal Data to complete transactions and to provide payment-related services to our Users.

Learn more:

Contractual and pre-contractual business relationships

We use Personal Data for the purpose of entering into business relationships with prospective Stripe Users, and to perform the contractual obligations under the contracts that we have with Stripe Users. Activities include:

Creation and management of Stripe accounts and Stripe account credentials, including the evaluation of applications to commence or expand the use of our Services;
Creation and management of Stripe Checkout accounts;
Accounting, auditing, and billing activities; and
Processing of payments, including fraud detection and prevention, optimizing valid transactions, communications regarding such payments, and related customer service.
Legal compliance

We use Personal Data to verify the identity of our Users in order to comply with fraud monitoring, prevention and detection obligations, laws associated with the identification and reporting of illegal and illicit activity, such as AML (Anti-Money Laundering) and KYC (Know-Your-Customer) obligations, and financial reporting obligations. For example, we may be required to record and verify a User’s identity for the purpose of compliance with legislation intended to prevent money laundering and financial crimes. These obligations are imposed on us by the operation of law, industry standards, and by our financial partners, and may require us to report our compliance to third parties, and to submit to third party verification audits.

Legitimate business interests

Where allowed under applicable law, we rely on our legitimate business interests to process Personal Data about you. When we do so, we balance our legitimate interests against the interests and rights of the individuals whose Personal Data we process. The following list sets out the business purposes that we have identified as legitimate:

Detect, monitor and prevent fraud and unauthorized payment transactions;
Mitigate financial loss, claims, liabilities or other harm to Customers, Users and Stripe;
Determine eligibility for and offer new Stripe products and services;
Respond to inquiries, send Service notices and provide customer support;
Promote, analyze, modify and improve our Services, systems, and tools, and develop new products and services, including reliability of the Services;
Manage, operate and improve the performance of our Sites and Services by understanding their effectiveness and optimizing our digital assets;
Analyze and advertise our Services;
Conduct aggregate analysis and develop business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of, our business;
Share Personal Data with third party service providers that provide services on our behalf and business partners which help us operate and improve our business (Learn More);
Enable network and information security throughout Stripe and our Services; and
Share Personal Data among our affiliates for administrative purposes.
Payment transactions and related services (Stripe as a data processor)
We use Personal Data of Customers to provide our Services to Users, including to process online payment transactions and authenticate Customers on behalf of our Users. Learn More. All such use is pursuant to the terms of our business relationships with our Users. In addition, we may offer payment-related services to Users who have requested such services, and our delivery of such related services to our Users may involve the use of Personal Data. For example, a Stripe User may specify parameters for transactions submitted by its Customers that determine whether the transactions are blocked or allowed by our payment processing Services. In such cases, the User is responsible for the collection and use of Customer’s Personal Data for the payment transactions and payment-related services. We also use Personal Data to detect and prevent fraud. In providing such services, we may provide Users who have requested such services Personal Data from a Customer to assess the fraud risk associated with an attempted transaction by their Customer.

b. Marketing and events-related communications

We may send you email marketing communications about Stripe products and services, invite you to participate in our events or surveys, or otherwise communicate with you for marketing purposes, provided that we do so in accordance with applicable law, including any consent requirements. For example, when you submit your contact information to us or when we collect your business contact details through our participation at trade shows or other events, we may use the information to follow-up with you regarding an event, send you information that you have requested on our products and services and, with your permission, include you on our marketing information campaigns.

c. Advertising

When you visit our Sites, we (and our service providers) may use Personal Data collected from you and your device to target advertisements for Stripe Services to you on our Sites and other sites you visit (“interest-based advertising”), where allowed by applicable law, including any consent requirements. For example, when you visit our Site, we will use cookies to identify your device and direct ads for our Services to you. You have choices and control over our cookies (or similar technologies) we use to advertise to you. Please see our Cookie Policy for more information. At present, there is no industry standard for recognizing Do Not Track browser signals, so we do not respond to them.

We do not use, share, rent or sell the Personal Data of our Users’ Customers for interest-based advertising. We do not sell or rent the Personal Data of our Users, their Customers or our Site Visitors.

4. How We Disclose Personal Data
Stripe does not sell or rent Personal Data to marketers or unaffiliated third parties. We share your Personal Data with trusted entities, as outlined below.

a. Stripe

We share Personal Data with other Stripe affiliated entities in order to provide our Services and for our administration purposes.

b. Service providers

We share Personal Data with certain of our service providers subject to contract terms that limit their use of Personal Data. We have service providers that provide services on our behalf, such as identity verification services, website hosting, data analysis, marketing service, information technology and related infrastructure, customer service, email delivery, and auditing services. These service providers may need to access Personal Data to perform their services. We authorize such service providers to use or disclose the Personal Data only to perform services on our behalf or comply with legal requirements. We require such service providers to contractually commit to protect the security and confidentiality of Personal Data they process on our behalf. Our service providers are predominantly located in the European Union and the United States of America. Learn More.

c. Business partners

We share Personal Data with third party business partners in connection with our Services to our Users. Examples of third parties to whom we may disclose Personal Data for this purpose are banks and payment method providers (such as credit card networks) when we provide payment processing services, and the professional services firms that we partner with to deliver Stripe Atlas. Learn more about what Stripe does with other third parties.

d. Our Users and third parties authorized by our Users

We share Personal Data with Users to maintain a User account and provide the Services and third party services. We share data with parties directly authorized by a User to receive Personal Data. This includes sharing Personal Data of Customers with Users to assess the fraud risk associated with attempted transactions by Customers, or when a User authorizes a third party application provider to access the User’s Stripe account using Stripe Connect. The use of Personal Data by an authorized third party is subject to the third party’s privacy policy.

e. Corporate transactions

In the event that we enter into, or intend to enter into, a transaction that alters the structure of our business, such as a reorganization, merger, sale, joint venture, assignment, transfer, change of control, or other disposition of all or any portion of our business, assets or stock, we may share Personal Data with third parties in connection with such transaction. Any other entity which buys us or part of our business will have the right to continue to use your Personal Data, but subject to the terms of this Privacy Policy.

f. Compliance and harm prevention

We share Personal Data as we believe necessary: (i) to comply with applicable law, or rules imposed by payment method in connection with use of that payment method; (ii) to enforce our contractual rights; (iii) to protect the Services, rights, privacy, safety and property of Stripe, you or others; and (iv) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence.

5. Your Rights and Choices
You may have choices regarding our collection, use and disclosure of your Personal Data:

a. Opting out of receiving electronic communications from us

If you no longer want to receive marketing-related emails from us, you may opt-out via the unsubscribe link included in such emails. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you other messages in connection with providing our Services.

b. How you can see or change your account Personal Data

If you would like to review, correct, or update Personal Data that you have previously disclosed to us, you may do so by signing in to your Stripe account or by contacting us.

c. Your data protection rights

Depending on your location and subject to applicable law, you may have the following rights with regard to the Personal Data we control about you:

The right to request confirmation of whether Stripe processes Personal Data relating to you, and if so, to request a copy of that Personal Data;
The right to request that Stripe rectifies or updates your Personal Data that is inaccurate, incomplete or outdated;
The right to request that Stripe erase your Personal Data in certain circumstances provided by law;
The right to request that Stripe restrict the use of your Personal Data in certain circumstances, such as while Stripe considers another request that you have submitted (including a request that Stripe make an update to your Personal Data);
The right to request that we export your Personal Data that we hold to another company, where technically feasible;
Where the processing of your Personal Data is based on your previously given consent, you have the right to withdraw your consent at any time; and/or
In some cases, you may also have the right to object to the processing of your Personal Data.
d. Process for exercising data protection rights

To exercise your data protection rights please also see Stripe Privacy Center. We will comply with your request to the extent required by applicable law. We will not be able to respond to a request if we no longer hold your Personal Data. If you feel that you have not received a satisfactory response from us, you may have the right under applicable laws to consult with the data protection authority in your country.

For your protection, we may need to verify your identity before responding to your request, such as verifying that the email address from which you send the request matches your email address that we have on file. If we no longer need to process Personal Data about you in order to provide our Services or our Sites, we will not maintain, acquire or process additional information in order to identify you for the purpose of responding to your request.

If you are a Customer of a Stripe User, please direct your requests directly to the User. For example, if you are making, or have made, a purchase from a merchant using Stripe as a payment processor, and you have a request that is related to the payment information that you provided as part of the purchase transaction, then you should address your request directly to the merchant.

6. Security and Retention
We make reasonable efforts to provide a level of security appropriate to the risk associated with the processing of Personal Data. We maintain organizational, technical and administrative measures designed to protect Personal Data covered by this Privacy Policy against unauthorized access, destruction, loss, alteration or misuse. Your Personal Data is only accessed by a limited number of personnel who need access to the information to perform their duties. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (e.g., you feel that the security of your account has been compromised), please contact us immediately.

We retain your Personal Data as long as we are providing the Services to you or our Users (as applicable). Even after we stop providing Services directly or indirectly to you, and even if you close your Stripe account or complete a transaction with a Stripe User, we keep your Personal Data in order to comply with our legal and regulatory obligations. We may also keep it to assist with our fraud monitoring, detection and prevention activities. We also keep Personal Data to comply with our tax, accounting, and financial reporting obligations, where we are required to retain the data by our contractual commitments to our financial partners, and where data retention is mandated by the payment methods you used. In all cases where we keep data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.

7. International Data Transfers
We are a global business. Personal Data may be stored and processed in any country where we do business or our service providers do business. We may transfer your Personal Data to countries other than your own country, including to the United States. These countries may have data protection rules that are different from your country. When transferring data across borders, we take measures to comply with applicable data protection laws related to such transfer. Officials (such as law enforcement or security authorities) in those other countries may be entitled to access your Personal Data.

If you are located in the European Economic Area (“EEA”), the UK or Switzerland, we comply with applicable laws to provide an adequate level of data protection for the transfer of your Personal Data to the US. For more information, please see Stripe Privacy Center. Where applicable law requires that a data transfer legal mechanism, we use one or more of the following: EU Standard Contractual Clauses with a data recipient outside the EEA or the UK, verification that the recipient has implemented Binding Corporate Rules, or other legal method available to us under applicable law.

While Stripe Inc. remains self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield, it is not currently relying on these frameworks for the transfer of personal data to the U.S. For more information, please see Stripe Privacy Center.

8. Use by Minors
The Services are not directed to minors, including children under the age of 13, and we request that they not provide Personal Data through the Services. In some countries, we may impose higher age limits as required by applicable law. We do not sell any Personal Data of Customers, Visitors or Users, including those aged between 13 to 16.

9. Updates To this Privacy Policy and Notifications
We may change this Privacy Policy from time to time to reflect new services, changes in our Personal Data practices or relevant laws. The “Last updated” legend at the top of this Privacy Policy indicates when this Privacy Policy was last revised. Any changes are effective when we post the revised Privacy Policy on the Services.

We may provide you with disclosures and alerts regarding the Privacy Policy or Personal Data collected by posting them on our website and, if you are a User, by contacting you through your Stripe Dashboard, email address and/or the physical address listed in your Stripe account.

If applicable law requires that we obtain your consent or provide notice in a specified manner prior to making any changes to this Privacy Policy applicable to you, we will provide such required notice and will obtain your required consent.

10. Links To Other Online Services
The Services may provide the ability to connect to other online services. These online services may operate independently from us and/or may have their own privacy notices or policies, which we strongly suggest you review. If any online service linked to our Services is not owned or controlled by us, or does not claim to be covered by this Privacy Policy, we are not responsible for it and/or it is not covered by this Privacy Policy. Please refer to the privacy policy associated with that online service.

11. Controllers and Jurisdiction-specific Provisions
Depending on the activity, Stripe acts as a Controller and Processor. Learn More. For more information on the Stripe entity that is responsible under this Privacy Policy. Learn More.

Australia

If you are an Australian resident, and you are dissatisfied with our handling of any complaint you raise under this Privacy Policy, you may wish to contact the Office of the Australian Information Commissioner.

EEA

To exercise your rights, you may contact our DPO. If you are a resident of the EEA or we have identified Stripe Payments Europe Limited as your data controller, and believe we process your information in scope of the General Data Protection Regulation (GDPR), you may direct your questions or complaints to the Office of the Data Protection Commissioner. If you are a resident of the UK, you may direct your questions or concerns to the UK Information Commissioner’s Office.

Brazil

Stripe processes the personal data of people in Brazil in accordance with the Lei Geral de Proteção de Dados Pessoais (LGPD). This Privacy Policy (and Cookie Policy) disclose the categories and specific pieces of personal data collected about you, the categories of sources from which that personal data is collected, the business purposes for collecting the personal data, and the categories of third parties with which the information is shared. LGPD gives you certain rights to request information about our processing of your personal data and the right to ask that we delete your personal data. To exercise your rights, please contact our DPO.

Indonesia

As used in this Privacy Policy, “applicable law” includes Law No. 11 of 2008 as amended by Law No. 19 of 2016 on Electronic Information and Transactions, Government Regulation No. 71 of 2019 on the Implementation of Electronic Systems and Transactions, and Minister of Communication and Informatics Regulation No. 20 of 2016 on Personal Data Protection in Electronic Systems and “Personal Data” includes “personal data” as defined under such laws.

Malaysia

If you have any questions or complaints about this Privacy Policy, please contact our DPO.

Mexico

Mexican residents may exercise data protection rights to access, correction, deletion, opposition or revocation under applicable law. You may be provided with further information about the steps to exercise your privacy rights, including identity verification, timing, the way to get in touch with the organization responding to your request for further communications about your request, and how your request may be honored. If you are a Mexican resident and a Customer of a Stripe User, please direct your requests directly to the Stripe User with whom you shared your personal information.

Thailand

Thailand residents may have additional rights under applicable laws. If we process your Personal Data due to a legal obligation or contractual right, and you do not provide us with personal Information, we may not be able to lawfully provide you services.

United States – California

If you are a consumer located in California, we process your personal data in accordance with the California Consumer Privacy Act (CCPA). This section provides additional details about the personal information we collect and use for purposes of CCPA.

a. How We Collect, Use, and Disclose your Personal Information

The Personal Data We Collect section describes the personal information we may have collected about you, including the categories of sources of that information. We collect this information for the purposes described in the How We Use Personal Data section. We share this information as described in the How We Disclose Personal Data section. Stripe uses cookies, including advertising cookies, as described in our Cookie Policy.

b. Your CCPA Rights and Choices

As a California consumer and subject to certain limitations under the CCPA, you have choices regarding our use and disclosure of your personal information:

Exercising the right to know: You may request the following information about the personal information we have collected about you:

the categories and specific pieces of personal information we have collected about you;
the categories of sources from which we collected the personal information;
the business or commercial purpose for which we collected the personal information;
the categories of third parties with whom we shared the personal information; and
the categories of personal information about you that we disclosed for a business purpose, and the categories of third parties to whom we disclosed that information for a business purpose.
Exercising the right to delete: You may request that we delete the personal information we have collected from you, subject to certain limitations under applicable law.
Exercising the right to opt-out from a sale: You may request to opt out of any “sale” of your personal information that may take place. As described in Advertising, we do not use, share, rent or sell the Personal Data of our Users’ Customers for interest-based advertising. We do not sell or rent the Personal Data of our Users, their Customers or our Site visitors.
Non-discrimination: The CCPA provides that you may not be discriminated against for exercising these rights.
To submit a request to exercise any of the rights described above, contact our DPO.

ALL

When exercising your rights, we may need to verify your identity before responding to your request, such as verifying that the email address from which you send the request matches your email address that we have on file. Authentication based on a government-issued and valid identification document may be required. If you are a Customer of a Stripe User, please direct your requests directly to the Stripe User with whom you shared your personal information.

12. Contact Us
If you have any questions or complaints about this Privacy Policy, please contact us or send mail as provided in our Privacy Center.

PayPal

Privacy Statement
Effective Date: June 10, 2021

 

1. Overview
PayPal has developed this Privacy Statement to explain how PayPal, as a Data Controller, may collect, retain, process, share and transfer your Personal Data when you visit our Sites or use our Services. This Privacy Statement applies to your Personal Data when you visit Sites or use Services, and does not apply to online websites or services that we do not own or control, including websites or services of other PayPal Users.

As a European bank registered in Luxembourg, we comply with data protection and financial regulatory requirements. For the avoidance of doubt, this Privacy Statement does not constitute a “framework contract” for the purpose of the EU Payment Services Directive (2007/64/EC) or any implementation of that Directive in the European Economic Area or United Kingdom.

This Privacy Statement is designed to help you obtain information about our privacy practices and to help you understand your privacy choices when you use our Sites and Services. Please note that our Service offerings may vary by region. This Privacy Statement may be supplemented with additional notices depending on the Sites and Services concerned. Supplementary information can be found in the Statement on Cookies and Tracking Technologies and the Banking Regulations Notice.

We have defined some terms that we use throughout the Privacy Statement. You can find the meaning of a capitalised term in the Definitions section.

Please contact us if you have questions about our privacy practices that are not addressed in this Privacy Statement.

2. What Personal Data Do We Collect?
We collect Personal Data about you when you visit our Sites or use our Services, including the following:

Registration and use information – When you register to use our Services by establishing an Account, we will collect Personal Data as necessary to offer and fulfil the Services you request. Depending on the Services you choose, we may require you to provide us with your name, postal address, telephone number, email address and identification information to establish an Account. We may require you to provide us with additional Personal Data as you use our Services.

Transaction and experience information – When you use our Services or access our Sites, for example, to make purchases from merchants, to receive money, to process payments, or to send money to friends and family, we collect information about the transaction, as well as other information associated with the transaction such as amount sent or requested, amount paid for products or services, merchant information, including information about any funding instruments used to complete the transaction, Device Information, Technical Usage Data, and Geolocation Information.
Participant Personal Data – When you use our Services or access our Sites, we collect Personal Data you provide us about the other participants associated with the transaction.
Send or request money: When you send or request money through the Services, we collect Personal Data such as name, postal address, telephone number, and financial account information about the participant who is receiving money from you or sending money to you. The extent of Personal Data required about a participant may vary depending on the Services you are using to send or request money.
Pay or request someone else to pay a bill: If you use our Services to pay a bill for the benefit of someone else, or if you request a User to pay a bill for you, we collect Personal Data from you about the account holder such as name, postal address, telephone number, email address, and account number of the bill that you intend to pay or request to be paid.
Add value to your accounts: If you use our Services to add value to your Account or any other account you may have, or if you ask a User to add value to any of these accounts, we may collect Personal Data from you about the other party, or from the other party about you to facilitate the request. For example, if you use our Services to reload a mobile phone, or to request value be added to your mobile account, we may collect Personal Data and other information including mobile account number from the other participant.
Information about your public profile and your friends and contacts – It may be easier for us to help you transact with your friends and contacts if you choose to connect your contact list information with your Account or if your Account profile is publicly available. If you establish an account connection between your device or a social media platform and your Account, we will use your contact list information (such as name, address, email address) to improve your experience when you use the Services. When your Account profile is public, other users can find your profile to send you money by searching for you by name, username, email, or mobile number on PayPal and confirm it’s you by viewing your photo. You can make your Account profile private anytime in your PayPal.me settings.
Personal data that you choose to provide us to obtain additional Services or specific online Services – If you request or participate in an optional Site feature, or request enhanced Services or other elective functionality, we may collect additional information from you. We will provide you with a separate notice at the time of collection, if the use of that Personal Data differs from the uses disclosed in this Privacy Statement.
Personal Data about you if you use unbranded Services – certain Services are available without being required to log in to or establish an Account. We will collect Personal Data when you are interacting with and making payments to merchants using our card payment services that do not carry the PayPal brand and when you checkout with PayPal without logging into an account. For our unbranded payment services, your interaction is with the merchant, on their platform. If you are an Account holder, or create an Account at a later date, we may collect information about unbranded transactions and associate them with your Account to improve your customer experience as an Account holder and for compliance and analytics purposes. If you are not an Account holder, we will collect and store all information you provide and use such information in accordance with this Privacy Statement.
Personal Data about you from third-party sources – We obtain information from third-party sources such as merchants, data providers, and credit bureaus, where permitted by law.
Other information we collect related to your use of our Sites or Services – We may collect additional information from or about you when you communicate with us, contact our customer support teams or respond to a survey.

3. Why Do We Retain Personal Data?
We retain Personal Data in an identifiable format for the least amount of time necessary to fulfill our legal or regulatory obligations and for our business purposes. We may retain Personal Data for longer periods than required by law if it is in our legitimate business interests and not prohibited by law. If your Account is closed, we may take steps to mask Personal Data and other information, but we reserve our ability to retain and access the data for so long as required to comply with applicable laws. We will continue to use and disclose such Personal data in accordance with this Privacy Statement.

The cookies we use have defined expiration times; unless you visit our Sites or use our Services within that time, the cookies are automatically disabled and retained data is deleted. Please consult our Statement on Cookies and Tracking Technologies for more information.

4. How Do We Process Personal Data?
We may Process your Personal Data for a variety of reasons that are justified under data protection laws in the European Economic Area (EEA), UK and Switzerland.

To operate the Sites and provide the Services, including to:

initiate a payment, send or request money, add value to an account, or pay a bill
authenticate your access to an Account
communicate with you about your Account, the Sites, the Services, or PayPal
create an account connection between your Account and a third-party account or platform
perform creditworthiness and other financial standing checks, evaluate applications, and compare information for accuracy and verification purposes,
keep your Account and financial information up to date.
To manage our business needs, such as monitoring, analysing, and improving the Services and the Sites’ performance and functionality. For example, we analyse User behaviour and perform research about the way you use our Services.
To manage risk and protect the Sites, the Services and you from fraud by verifying your identity. PayPal’s risk and fraud tools use Personal Data, Device Information, Technical Usage Data, and Geolocation Information from our Sites and websites that offer PayPal Services to help detect and prevent fraud and abuse of the Services.
To comply with our obligations and to enforce the terms of our Sites and Services, including to comply with all applicable laws and regulations.
For our legitimate interests, including to:
enforce the terms of our Sites and Services;
manage our everyday business needs, such as monitoring, analysing;
manage risk, fraud, and abuse of PayPal Services;
anonymise Personal data in order to provide aggregated statistical data to third parties, including other businesses and members of the public, about how, when, and why Users visit our Sites and use our Services; and
conduct business to business marketing; and
provide personalised Services (also called interest-based marketing) offered by PayPal on third-party websites and online services. We may use your Personal Data and other information collected in accordance with this Privacy Statement to provide a targeted display, feature or offer to you on third-party websites.
make it easier for you to find and connect with others. For instance, if you let us access your contacts or when your Account profile is public, we can suggest connections with people you may know and help others connect with you to send you money by letting them find your profile when they search for you by name, username, email, or mobile number on PayPal. We may also associate information that we learn about you through your and your contacts’ use of the Services, and information you and others provide, to suggest people you may know or may want to transact with through our Services. Social functionality and features designed to simplify your use of the Services with others vary by Service.
With your consent, including to:
To market to you about PayPal products and Services and the products and services of unaffiliated businesses. We may also Process your Personal Data to tailor the marketing content and certain Services or Site experiences to better match your interests on PayPal and other third-party websites.
To use cookies and other tracking technologies to provide a targeted display, feature, Service or offer to you and/or to work with other third-parties such as merchants, advertising or analytics companies to provide these personalised services (also called interest-based marketing).
To provide you with location-specific options, functionality or offers if you elect to share your Geolocation Information through the Services. We will use this information to enhance the security of the Sites and Services and provide you with location-based Services, such as advertising, search results, and other personalised (also called interest-based marketing) content.
To respond to your requests, for example to contact you about a question you submitted to our customer service team.
You can withdraw your consent at any time and free of charge. Please refer to the section on “Your Privacy Choices” for more information on how to do that.

5. Do We Share Personal Data?
We may share your Personal Data or other information about you with others in a variety of ways as described in this section of the Privacy Statement. We may share your Personal Data or other information for the following reasons:

With other members of the PayPal corporate family: We may share your Personal Data with members of the PayPal family of entities to, among other things, provide the Services you have requested or authorised; to manage risk; to help detect and prevent potentially illegal and fraudulent acts and other violations of our policies and agreements and to help us manage the availability and connectivity of PayPal products, Services, and communications.

With other companies that provide services to us: We share Personal Data with third-party service providers that perform services and functions at our direction and on our behalf. These third-party service providers may, for example, provide you with Services, verify your identity, assist in processing transactions, send you advertisements for our products and services, or provide customer support.

With other financial institutions: We share Personal Data with other financial institutions that we have partnered with to jointly create and offer a product. These financial institutions may only use this information to market and offer PayPal-related products, unless you have given consent for other uses. We may also share Personal Data to process transactions, provide you with benefits associated with your eligible cards, and keep your financial information up to date.

With the other parties to transactions when you use the Services, such as other Users, merchants, and their service providers: We may share information about you and your Account with the other parties involved in processing your transactions. This includes other Users you are sending or receiving funds from and merchants, and their service providers. The information might include:

Personal Data and Account information necessary to facilitate the transaction;
Personal Data to help other participant(s) resolve disputes and detect and prevent fraud; and
Anonymous data and performance analytics to help merchants better understand the uses of our Services and to help merchants enhance Users’ experiences.
With other third parties for our business purposes or as permitted or required by law: We may share information about you with other parties for PayPal’s business purposes or as permitted or required by law, including:

if we need to do so to comply with a law, legal process or regulations;
to law enforcement authorities or other government officials, or other third parties pursuant to a subpoena, a court order or other legal process or requirement applicable to PayPal or PayPal’s corporate family;
if we believe, in our sole discretion, that the disclosure of Personal Data is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity;
to protect the vital interests of a person;
with credit agencies and data processors for credit reference checks and anti-fraud and compliance purposes;
to investigate violations of or enforce a user agreement or other legal terms applicable to any Service;
to protect our property, Services and legal rights;
to facilitate a purchase or sale of all or part of PayPal’s business;
in connection with shipping and related services for purchases made using a Service;
to help assess and manage risk and prevent fraud against us, our Users and fraud involving our Sites or use of our Services, including fraud that occurs at or involves our business partners, strategic ventures, or other individuals, and merchants, such as eBay, Inc.;
to banking partners as required by card association rules for inclusion on their list of terminated merchants;
to credit reporting and collection agencies;
to companies that we plan to merge with or be acquired by; and
to support our audit, compliance, and corporate governance functions.
With your consent: We also will share your Personal Data and other information with your consent or direction, including if you authorise an account connection with a third-party account or platform.

In addition, PayPal may provide aggregated statistical data to third-parties, including other businesses and members of the public, about how, when, and why Users visit our Sites and use our Services. This data will not personally identify you or provide information about your use of the Sites or Services. We do not share your Personal Data with third parties for their marketing purposes without your consent.

6. How Do We Work with Other Services and Platforms?
A significant benefit and innovation of PayPal’s Services is that you can connect your Account with a third-party account or platform. For the purposes of this Privacy Statement, an “account connection” with such a third-party is a connection you authorise or enable between your Account and a non-PayPal account, payment instrument, or platform that you lawfully control or own. When you authorise such a connection, PayPal and the third-party will exchange your Personal Data and other information directly. Examples of account connections include:

linking your Account to a social media account or social messaging service;
connecting your Account to a third-party data aggregation or financial services company, if you provide such company with your Account log-in credentials; or
using your Account to make payments to a merchant or allowing a merchant to charge your Account.
If you choose to create an account connection, we may receive information from the third-party about you and your use of the third-party’s service. For example, if you connect your Account to a social media account, we will receive Personal Data from the social media provider via the account connection. If you connect your Account to other financial accounts, directly or through a third-party service provider, we may have access to your account balance and transactional information, such as purchases and funds transfers. We will use all such information that we receive from a third-party via an account connection in a manner consistent with this Privacy Statement.

Information that we share with a third-party based on an account connection will be used and disclosed in accordance with the third-party’s privacy practices. Before authorising an account connection, you should review the privacy notice of any third-party that you authorised to have an account connection that will gain access to your Personal Data as part of the account connection. For example, Personal Data that PayPal shares with a third-party account or platform such as a social media account may in turn be shared with certain other parties, including the general public, depending on the account’s or platform’s privacy practices.

7. International transfers
Our operations are supported by a network of computers, cloud-based servers, and other infrastructure and information technology, including, but not limited to, third-party service providers.

The parties mentioned above may be established in jurisdictions other than your own and outside the European Economic Area and Switzerland. These countries do not always afford an equivalent level of privacy protection. We have taken specific steps, in accordance with EEA and UK data protection law, to protect your Personal Data. In particular, for transfers of your Personal Data within PayPal related companies, we rely on Binding Corporate Rules approved by competent Supervisory Authorities (available here). Other transfers may be based on contractual protections. Please contact us for more information about this.

If you make transactions with parties outside the EEA, UK or Switzerland or connect our Service with platforms, such as social media, outside the EEA, UK or Switzerland, we are required to transfer your Personal Data with those parties in order to provide the requested Service to you.

8. How Do We Use Cookies and Tracking Technologies?
When you visit our Sites, use our Services, or visit a third-party website for which we provide online services, we and our business partners and vendors may use cookies and other tracking technologies (collectively, “Cookies”) to recognise you as a User and to customise your online experiences, the Services you use, and other online content and advertising; measure the effectiveness of promotions and perform analytics; and to mitigate risk, prevent potential fraud, and promote trust and safety across our Sites and Services. Certain aspects and features of our Services and Sites are only available through the use of Cookies, so if you choose to disable or decline Cookies, your use of the Sites and Services may be limited or not possible.

Do Not Track (DNT) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third-parties. We do not respond to DNT signals.

Please review our Statement on Cookies and Tracking Technologies to learn more about how we use Cookies.

9. What Privacy Choices Are Available To You?
You have choices when it comes to the privacy practices and communications described in this Privacy Statement. Many of your choices may be explained at the time you sign up for or use a Service or in the context of your use of a Site. You may be provided with instructions and prompts within the experiences as you navigate the Services.

Choices Relating to the Personal Data We Collect
Personal Data. You may decline to provide Personal Data when it is requested by PayPal, but certain Services or all of the Services may be unavailable to you.
Location and other device-level information. The device you use to access the Sites or Services may collect information about you, including Geolocation Information and User usage data that PayPal may then collect and use. For information about your ability to restrict the collection and use of such information, please use the settings available in the device.
Choices Relating to Our Use of Your Personal Data
Online Tracking and Interest-Based Marketing. We work with partners and third-party service providers to serve you advertising using ad-related cookies and web beacons. You can opt-out of third-party advertising-related cookies and web beacons, in which case our advertising should not be targeted to you. You will continue to see our advertising on third party websites.
For more information on third-party advertising-related cookies and interest-based marketing, and to learn how to opt-out of these practices with companies participating in industry self-regulation, please visit Your Online Choices.
Finding and connecting with others. If available, you may manage your preferences for finding and connecting with others from your account of the Service you use.
Choices Relating to Account Connections
If you authorise an account connection to a third-party account or platform, such as a social media account, you may be able to manage your connection preferences from your Account or the third-party account or platform. Please refer to the privacy notice that governs the third-party platform for more information on the choices you may have.
Choices Relating to Cookies
You may have options available to manage your cookies preferences. For example, your browser or internet device may allow you delete, disable, or block certain cookies and other tracking technologies. You can learn more by visiting AboutCookies.org. You may choose to enable these options, but doing so may prevent you from using many of the core features and functions available on a Service or Site.
You may have an option regarding the use of cookies and other tracking technologies when you use a Service or visit parts of a Site. For example, you may be asked if you want the Service or Site to “remember” certain things about you, and we will use cookies and other tracking technologies to the extent that you permit them.
You can learn more about our cookies and tracking technologies by visiting the Statement on Cookies and Tracking Technologies page.
Choices Relating to Your Registration and Account Information
If you have an Account, you generally may review and edit Personal Data by logging in and updating the information directly or by contacting us. Contact us if you do not have an Account or if you have questions about your Account information or other Personal Data.
Choices Relating to Linking your Bank Account and Open Banking
To enable you to use your bank account with PayPal (for example for PayPal payments), we need to confirm that you own the bank account linked to your PayPal account and check if there are sufficient funds in your bank account for these future payments. You can verify your bank account instantly, by providing PayPal access to your bank account to view your bank account information, bank balances and transaction history. The data is only processed for the purposes you have granted us permission for, and in accordance with the laws that access to your bank account data. In the event we need to view your bank account balance or transaction history again after 90 days, we will request your permission again.
As an alternative, you may verify your bank account by confirming a verification code sent to your bank account with an IBAN (International Bank Account Number). This may take longer (1 to 4 days). In this event PayPal will not be able to view your bank balances and/or transaction history details.
Choices Relating to Communication
Notices, Alerts and Updates from Us:
Marketing: We may send you marketing content about our Sites, Services, products, products we jointly offer with financial institutions, as well as the products and services of unaffiliated third parties and members of the PayPal corporate family through various communication channels, for example, email, text, pop-ups, push notifications, and messaging applications. You may opt out of these marketing communications we send by following the instructions in the communications you receive. If you have an Account with us, you may also adjust your communication preferences in your Account settings. For messages sent via push notifications, you may manage your preferences in your device.
Informational and Other: We will send communications to you that are required or necessary to send to Users of our Services, notifications that contain important information and other communications that you request from us. You may not opt out of receiving these communications. However, you may be able to adjust the media and format through which you receive these notices.

10. What Are Your Rights?
Subject to limitations set out in EEA and UK data protection laws, you have certain rights in respect of your Personal Data. In particular, you have a right of access, rectification, restriction, opposition, erasure and data portability. Please contact us if you wish to exercise these rights.

If you have an Account with any of our Services, you generally can review and edit Personal Data in the Account by logging in and updating the information directly. We may use automated decision-making for decisions concerning credit with your consent or where necessary for the entry into or performance of a contract or authorised by Union or Member state law.

Please contact us if you require more information on automated-decision making.

11. How Do We Protect Your Personal Data?
We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your Personal Data against loss, misuse, unauthorised access, disclosure, and alteration. The security measures include firewalls, data encryption, physical access controls to our data centres, and information access authorisation controls. While we are dedicated to securing our systems and Services, you are responsible for securing and maintaining the privacy of your password(s) and Account/profile registration information and verifying that the Personal Data we maintain about you is accurate and current. We are not responsible for protecting any Personal Data that we share with a third-party based on an account connection that you have authorised.

12. Can Children Use Our Services?
The Sites and Services are not directed to children under the age of 16. We do not knowingly collect information, including Personal Data, from children or other individuals who are not legally able to use our Sites and Services. If we obtain actual knowledge that we have collected Personal Data from a child under the age of 16, we will promptly delete it, unless we are legally obligated to retain such data. Contact us if you believe that we have mistakenly or unintentionally collected information from a child under the age of 16.

13. What Else Should You Know?
Changes to this Privacy Statement.

We may revise this Privacy Statement from time to time to reflect changes to our business, the Sites or Services, or applicable laws. The revised Privacy Statement will be effective as of the published effective date.

If the revised version includes a substantial change, we will provide you with 30 days prior notice by posting notice of the change on the “Policy Update” page of our website. We also may notify Users of the change using email or other means.

14. Contact Us
You may contact us if you have general questions or concerns about this Privacy Statement and supplemental notices or the way in which we handle your Personal Data.

We want to make sure your questions go to the right place:

Click here to contact us about your PayPal account or transaction or a card payment made on a merchant website.

Click here to contact us about your Xoom account
If you are not satisfied by the way in which we address your concerns, you have the right to lodge a complaint with the Supervisory Authority for data protection in your country.

Our Data Protection Officer can be contacted Online or by post at PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg.

Our UK Representative can be contacted by post for any UK-specific data protection inquiries at Bird & Bird GDPR Representative UK, 12 New Fetter Lane, Holburn, London EC4A 1JP.

15. Definitions
Account means a PayPal or Xoom member account.

Data Controller means that PayPal determines the purposes and means of the processing of Personal Data.
Device Information means data that can be automatically collected from any device used to access the Site or Services. Such information may include, but is not limited to, your device type; your device’s network connections; your device’s name; your device IP address; information about your device’s web browser and internet connection you use to access the Site or Services; Geolocation Information; information about apps downloaded to your device; and biometric data.

Geolocation Information means information that identifies, with reasonable specificity, your location by using, for instance, longitude and latitude coordinates obtained through GPS or Wi-Fi or cell site triangulation.

PayPal means PayPal (Europe) S.a.r.l. et Cie, S.C.A. and subsidiaries or affiliates. In this Privacy Statement, PayPal is sometimes referred to as “we,” “us,” or “our,” depending on the context.

Personal Data means information that can be associated with an identified or directly or indirectly identifiable natural person. “Personal Data” can include, but is not limited to, name, postal address (including billing and shipping addresses), telephone number, email address, payment card number, other financial account information, account number, date of birth, and government-issued credentials (e.g., driver’s license number, national ID, passport number).

Process means any method or way that we handle Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, and consultation, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of Personal Data.

Services means any products, services, content, features, technologies, or functions, and all related websites, applications and services offered to you by PayPal.

Sites means the websites, mobile apps, official social media platforms, or other online properties through which PayPal offers the Services and which has posted or linked to this Privacy Statement.

Technical Usage Data means information we collect from your phone, computer or other device that you use to access the Sites or Services. Technical Usage Data tells us how you use the Sites and Services, such as what you have searched for and viewed on the Sites and the way you use our Services, including your IP address, statistics regarding how pages are loaded or viewed, the websites you visited before coming to the Sites and other usage and browsing information collected through Cookies.

User means an individual who uses the Services or accesses the Sites.

16. Additional Information
The information provided in this section may be specific to customers depending on your region or how you use the Services. This information is provided to PayPal from third parties whom you may interact when using the Services.

Banking Regulations Notice for Customers in the EEA and UK
Credit Reference Agencies Information Notice
Google ReCaptcha

Banking Regulations Notice for Customers in the EEA and UK
In general, the Luxembourg laws to which PayPal’s handling of user data is subject (data protection and bank secrecy) require a higher degree of transparency than most other EU laws. This is why, unlike the vast majority of providers of internet-based services or financial services in the EU, PayPal has listed in this Privacy Statement the third party service providers and business partners to whom we may disclose your data, together with the purpose of disclosure and type of information disclosed. You will find a link to those third parties here. By accepting this Privacy Statement and maintaining an account with PayPal, you expressly consent to the transfer of your data to those third parties for the purposes listed.

PayPal may update the list of third parties referred to above every quarter (January 1st, April 1st, July 1st and October 1st). PayPal will only start transferring any data to any of the new entities or for the new purposes or data types indicated in each update after 30 days from the date when that list is made public through this Privacy Statement. You should review the list each quarter on the PayPal website on the dates stated above. If you do not object to the new data disclosure, within 30 days after the publication of the updated list of third parties, you are deemed to have accepted the changes to the list and to this Privacy Statement. If you do not agree with the changes, you may close your account and stop using our services.

In order to provide the PayPal Services, certain of the information we collect (as set out in this Privacy Statement) may be required to be transferred to other PayPal related companies or other entities, including those referred to in this section in their capacity as payment providers, payment processors or account holders (or similar capacities). You acknowledge that according to their local legislation, such entities may be subject to laws, regulations, inquiries, investigations, or orders which may require the disclosure of information to the relevant authorities of the relevant country. Your use of the PayPal Services constitutes your consent to our transfer of such information to provide you the PayPal Services.

Specifically, you consent to and direct PayPal to do any and all of the following with your information:

Disclose necessary information to: the police and other law enforcement agencies; security forces; competent governmental, intergovernmental or supranational bodies; competent agencies, departments, regulatory authorities, self-regulatory authorities or organisations (including, without limitation, the Agencies referenced in the “Agencies” section of the Third Party Provider List here) and other third parties, including PayPal Group companies, that (i) we are legally compelled and permitted to comply with, including but without limitation the Luxembourg laws of 24 July 2015 on the US Foreign Account Tax Compliance Act (“FATCA Law”) and 18 December 2015 on the OECD common reporting standard (“CRS Law”); (ii) we have reason to believe it is appropriate for us to cooperate with in investigations of fraud or other illegal activity or potential illegal activity, or (iii) to conduct investigations of violations of our User Agreement (including without limitation, your funding source or credit or debit card provider).

If you are covered by the FATCA or CRS Law, we are required to give you notice of the information about you that we may transfer to various authorities. Please read more about PayPal’s obligations under the FATCA and CRS Law and how they could affect you as well as take note of the information we may disclose as result.

We and other organisations, including parties that accept PayPal, may also share, access and use (including from other countries) necessary information (including, without limitation the information recorded by fraud prevention agencies) to help us and them assess and to manage risk (including, without limitation, to prevent fraud, money laundering and terrorist financing). Please contact us if you want to receive further details of the relevant fraud prevention agencies. For more information on these Agencies, fraud prevention agencies and other third parties, click here.

Disclose Account Information to intellectual property right owners if under the applicable national law of an EU member state they have a claim against PayPal for an out-of-court information disclosure due to an infringement of their intellectual property rights for which PayPal Services have been used (for example, but without limitation, Sec. 19, para 2, sub-section 3 of the German Trademark Act or Sec. 101, para 2, sub-section 3 of the German Copyright Act).

Disclose necessary information in response to the requirements of the credit card associations or a civil or criminal legal process.

Disclose your name and PayPal link in the PayPal user directory. Your details will be confirmed to other PayPal users in response to a user searching using your name, email address or telephone number, or part of these details. This is to ensure people make payments to the correct user. This feature can be turned off in the PayPal profile settings.

If you as a merchant use a third party to access or integrate PayPal, we may disclose to any such partner necessary information for the purpose of facilitating and maintaining such an arrangement (including, without limitation, the status of your PayPal integration, whether you have an active PayPal account and whether you may already be working with a different PayPal integration partner).

Disclose necessary information to the payment processors, auditors, customer services providers, credit reference and fraud agencies, financial products providers, commercial partners, marketing and public relations companies, operational services providers, group companies, agencies, marketplaces and other third parties listed here. The purpose of this disclosure is to allow us to provide PayPal Services to you. We also set out in the list of third parties, under each ” Category”, non-exclusive examples of the actual third parties (which may include their assigns and successors) to whom we currently disclose your Account Information or to whom we may consider disclosing your Account Information, together with the purpose of doing so, and the actual information we disclose (except as explicitly stated, these third parties are limited by law or by contract from using the information for secondary purposes beyond the purposes for which the information was shared).

Disclose necessary information to your agent or legal representative (such as the holder of a power of attorney that you grant, or a guardian appointed for you).

Disclose aggregated statistical data with our business partners or for public relations. For example, we may disclose that a specific percentage of our users live in Manchester. However, this aggregated information is not tied to personal information.

Share necessary Account Information with unaffiliated third parties (listed here) for their use for the following purposes:

Fraud Prevention and Risk Management: to help prevent fraud or assess and manage risk. For example, if you use the PayPal Services to buy or sell goods using eBay Inc, or its affiliates (“eBay”), we may share Account Information with eBay in order to help protect your accounts from fraudulent activity, alert you if we detect such fraudulent activity on your accounts, or evaluate credit risk.

As part of our fraud prevention and risk management efforts, we also may share necessary Account Information with eBay in cases where PayPal has placed a hold or other restriction on your account based on disputes, claims, chargebacks or other scenarios regarding the sale or purchase of goods. Also, as part of our fraud prevention and risk management efforts, we may share Account Information with eBay to enable them to operate their programmes for evaluating buyers or sellers.

Customer Service: for customer service purposes, including to help service your accounts or resolve disputes (e.g., billing or transactional).

Shipping: in connection with shipping and related services for purchases made using PayPal.

Legal Compliance: to help them comply with anti-money laundering and counter-terrorist financing verification requirements.

Service Providers: to enable service providers under contract with us to support our business operations, such as fraud prevention, bill collection, marketing, customer service and technology services. Our contracts dictate that these service providers only use your information in connection with the services they perform for us and not for their own benefit.

Credit Reference Agencies Information Notice
If you choose to apply for PayPal Credit, in order to process your application, we will supply your personal information to credit reference agencies (CRAs) and they will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity.

We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. Your data will also be linked to the data of your spouse, any joint applicants or other financial associates.

The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at:

Transunion: www.transunion.co.uk/crain

Equifax: www.equifax.co.uk/crain

Experian: www.experian.co.uk/crain

Google ReCaptcha
PayPal uses ReCaptcha on the Sites and Services. Your use of ReCaptcha is subject to the Google Privacy Policy and Terms of Use.

ReCaptcha is only used to fight spam and abuse.