This Application collects some Personal Data from its Users.
Personal Data collected for the following purposes and using the following services:
Latest update: July 24, 2020
PayPal has developed this Privacy Statement to explain how PayPal, as a Data Controller, may collect, retain, process, share and transfer your Personal Data when you visit our Sites or use our Services. This Privacy Statement applies to your Personal Data when you visit Sites or use Services, and does not apply to online websites or services that we do not own or control, including websites or services of other PayPal Users.
As a European bank registered in Luxembourg, we comply with data protection and financial regulatory requirements. For the avoidance of doubt, this Privacy Statement does not constitute a “framework contract” for the purpose of the EU Payment Services Directive (2007/64/EC) or any implementation of that Directive in the European Economic Area.
This Privacy Statement is designed to help you obtain information about our privacy practices and to help you understand your privacy choices when you use our Sites and Services. Please note that our Service offerings may vary by region. This Privacy Statement may be supplemented with additional notices depending on the Sites and Services concerned. Supplementary information can be found in the Statement on Cookies and Tracking Technologies and the Banking Regulations Notice.
We have defined some terms that we use throughout the Privacy Statement. You can find the meaning of a capitalised term in the Definitions section.
Please contact us if you have questions about our privacy practices that are not addressed in this Privacy Statement.
We collect Personal Data about you when you visit our Sites or use our Services, including the following:
We retain Personal Data in an identifiable format for the least amount of time necessary to fulfill our legal or regulatory obligations and for our business purposes. We may retain Personal Data for longer periods than required by law if it is in our legitimate business interests and not prohibited by law. If your Account is closed, we may take steps to mask Personal Data and other information, but we reserve our ability to retain and access the data for so long as required to comply with applicable laws. We will continue to use and disclose such Personal data in accordance with this Privacy Statement.
The cookies we use have defined expiration times; unless you visit our Sites or use our Services within that time, the cookies are automatically disabled and retained data is deleted. Please consult our Statement on Cookies and Tracking Technologies for more information.
We may Process your Personal Data for a variety of reasons that are justified under data protection laws in the European Economic Area (EEA) and Switzerland.
You can withdraw your consent at any time and free of charge. Please refer to the section on “Your Privacy Choices” for more information on how to do that.
We may share your Personal Data or other information about you with others in a variety of ways as described in this section of the Privacy Statement. We may share your Personal Data or other information for the following reasons:
With other members of the PayPal corporate family: We may share your Personal Data with members of the PayPal family of entities to, among other things, provide the Services you have requested or authorised; to manage risk; to help detect and prevent potentially illegal and fraudulent acts and other violations of our policies and agreements and to help us manage the availability and connectivity of PayPal products, Services, and communications.
With other companies that provide services to us: We share Personal Data with third-party service providers that perform services and functions at our direction and on our behalf. These third-party service providers may, for example, provide you with Services, verify your identity, assist in processing transactions, send you advertisements for our products and services, or provide customer support.
With other financial institutions: We share Personal Data with other financial institutions that we have partnered with to jointly create and offer a product. These financial institutions may only use this information to market and offer PayPal-related products, unless you have given consent for other uses. We may also share Personal Data to process transactions, provide you with benefits associated with your eligible cards, and keep your financial information up to date.
With the other parties to transactions when you use the Services, such as other Users, merchants, and their service providers: We may share information about you and your Account with the other parties involved in processing your transactions. This includes other Users you are sending or receiving funds from and merchants, and their service providers. The information might include:
With other third parties for our business purposes or as permitted or required by law: We may share information about you with other parties for PayPal’s business purposes or as permitted or required by law, including:
With your consent: We also will share your Personal Data and other information with your consent or direction, including if you authorise an account connection with a third-party account or platform.
In addition, PayPal may provide aggregated statistical data to third-parties, including other businesses and members of the public, about how, when, and why Users visit our Sites and use our Services. This data will not personally identify you or provide information about your use of the Sites or Services. We do not share your Personal Data with third parties for their marketing purposes without your consent.
A significant benefit and innovation of PayPal’s Services is that you can connect your Account with a third-party account or platform. For the purposes of this Privacy Statement, an “account connection” with such a third-party is a connection you authorise or enable between your Account and a non-PayPal account, payment instrument, or platform that you lawfully control or own. When you authorise such a connection, PayPal and the third-party will exchange your Personal Data and other information directly. Examples of account connections include:
If you choose to create an account connection, we may receive information from the third-party about you and your use of the third-party’s service. For example, if you connect your Account to a social media account, we will receive Personal Data from the social media provider via the account connection. If you connect your Account to other financial accounts, directly or through a third-party service provider, we may have access to your account balance and transactional information, such as purchases and funds transfers. We will use all such information that we receive from a third-party via an account connection in a manner consistent with this Privacy Statement.
Information that we share with a third-party based on an account connection will be used and disclosed in accordance with the third-party’s privacy practices. Before authorising an account connection, you should review the privacy notice of any third-party that you authorised to have an account connection that will gain access to your Personal Data as part of the account connection. For example, Personal Data that PayPal shares with a third-party account or platform such as a social media account may in turn be shared with certain other parties, including the general public, depending on the account’s or platform’s privacy practices.
Our operations are supported by a network of computers, cloud-based servers, and other infrastructure and information technology, including, but not limited to, third-party service providers.
The parties mentioned above may be established in jurisdictions other than your own and outside the European Economic Area and Switzerland. These countries do not always afford an equivalent level of privacy protection. We have taken specific steps, in accordance with EEA data protection law, to protect your Personal Data. In particular, for transfers of your Personal Data within PayPal related companies, we rely on Binding Corporate Rules approved by competent Supervisory Authorities (available here). Other transfers may be based on contractual protections. Please contact us for more information about this.
If you make transactions with parties outside the EEA or Switzerland or connect our Service with platforms, such as social media, outside the EEA or Switzerland, we are required to transfer your Personal Data with those parties in order to provide the requested Service to you.
Do Not Track (DNT) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third-parties. We do not respond to DNT signals.
You have choices when it comes to the privacy practices and communications described in this Privacy Statement. Many of your choices may be explained at the time you sign up for or use a Service or in the context of your use of a Site. You may be provided with instructions and prompts within the experiences as you navigate the Services.
Subject to limitations set out in EEA data protection laws, you have certain rights in respect of your Personal Data. In particular, you have a right of access, rectification, restriction, opposition, erasure and data portability. Please contact us if you wish to exercise these rights. If you wish to complete an access request to all personal data that PayPal holds on you, please note that photo identity will be required to prove your identity.
If you have an Account with any of our Services, you generally can review and edit Personal Data in the Account by logging in and updating the information directly. We may use automated decision-making for decisions concerning credit with your consent or where necessary for the entry into or performance of a contract or authorised by Union or Member state law.
Please contact us if you require more information on automated-decision making.
We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your Personal Data against loss, misuse, unauthorised access, disclosure, and alteration. The security measures include firewalls, data encryption, physical access controls to our data centres, and information access authorisation controls. While we are dedicated to securing our systems and Services, you are responsible for securing and maintaining the privacy of your password(s) and Account/profile registration information and verifying that the Personal Data we maintain about you is accurate and current. We are not responsible for protecting any Personal Data that we share with a third-party based on an account connection that you have authorised.
The Sites and Services are not directed to children under the age of 16. We do not knowingly collect information, including Personal Data, from children or other individuals who are not legally able to use our Sites and Services. If we obtain actual knowledge that we have collected Personal Data from a child under the age of 16, we will promptly delete it, unless we are legally obligated to retain such data. Contact us if you believe that we have mistakenly or unintentionally collected information from a child under the age of 16.
Changes to this Privacy Statement.
We may revise this Privacy Statement from time to time to reflect changes to our business, the Sites or Services, or applicable laws. The revised Privacy Statement will be effective as of the published effective date.
If the revised version includes a substantial change, we will provide you with 30 days prior notice by posting notice of the change on the “Policy Update” page of our website. We also may notify Users of the change using email or other means.
You may contact us if you have general questions or concerns about this Privacy Statement and supplemental notices or the way in which we handle your Personal Data.
We want to make sure your questions go to the right place:
If you are not satisfied by the way in which we address your concerns, you have the right to lodge a complaint with the Supervisory Authority for data protection in your country.
Our Data Protection Officer can be contacted at firstname.lastname@example.org or PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg.
The information provided in this section may be specific to customers depending on your region or how you use the Services. This information is provided to PayPal from third parties whom you may interact when using the Services.
In general, the Luxembourg laws to which PayPal’s handling of user data is subject (data protection and bank secrecy) require a higher degree of transparency than most other EU laws. This is why, unlike the vast majority of providers of internet-based services or financial services in the EU, PayPal has listed in this Privacy Statement the third party service providers and business partners to whom we may disclose your data, together with the purpose of disclosure and type of information disclosed. You will find a link to those third parties here. By accepting this Privacy Statement and maintaining an account with PayPal, you expressly consent to the transfer of your data to those third parties for the purposes listed.
PayPal may update the list of third parties referred to above every quarter (January 1st, April 1st, July 1st and October 1st). PayPal will only start transferring any data to any of the new entities or for the new purposes or data types indicated in each update after 30 days from the date when that list is made public through this Privacy Statement. You should review the list each quarter on the PayPal website on the dates stated above. If you do not object to the new data disclosure, within 30 days after the publication of the updated list of third parties, you are deemed to have accepted the changes to the list and to this Privacy Statement. If you do not agree with the changes, you may close your account and stop using our services.
In order to provide the PayPal Services, certain of the information we collect (as set out in this Privacy Statement) may be required to be transferred to other PayPal related companies or other entities, including those referred to in this section in their capacity as payment providers, payment processors or account holders (or similar capacities). You acknowledge that according to their local legislation, such entities may be subject to laws, regulations, inquiries, investigations, or orders which may require the disclosure of information to the relevant authorities of the relevant country. Your use of the PayPal Services constitutes your consent to our transfer of such information to provide you the PayPal Services.
Specifically, you consent to and direct PayPal to do any and all of the following with your information:
If you choose to apply for PayPal Credit, in order to process your application, we will supply your personal information to credit reference agencies (CRAs) and they will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity.
We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. Your data will also be linked to the data of your spouse, any joint applicants or other financial associates.
The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at: