Effective Date: The Braintree Privacy Statement is effective on 1 November 2023.
This privacy statement explains how and why PayPal UK Ltd, as a controller, collects, stores, uses, shares and transfers personal data when you visit our websites offering Braintree services or use the Braintree services. Reading it will help you understand your privacy rights and the choices may you have.
PayPal UK Ltd is authorised and regulated by the Financial Conduct Authority (FCA) as an electronic money institution under the Electronic Money Regulations 2011 for the issuance of electronic money (firm reference number 994790), in relation to its regulated consumer credit activities under the Financial Services and Markets Act 2000 (firm reference number 996405) and for the provision of Cryptocurrency services under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (firm reference number 1000741). Some of PayPal UK Ltd’s products including PayPal Pay in 3 and PayPal Working Capital are not regulated by the FCA. PayPal UK Ltd’s company number is 14741686 and its registered address is Whittaker House, Whittaker Avenue, Richmond-Upon-Thames, Surrey, United Kingdom, TW9 1EH.
“Personal data” in this statement means information about you, including your identity, financial information, contact information, and online behavior.
When it comes to how your personal data is collected, stored, used, and shared, you have rights and choices.
You have the right to request a copy of the personal data, restrict processing, correct inaccuracies, anonymize or delete, and transfer your data that we’ve collected about you, subject to limitations under applicable law.
You may also have the right to review the outcome of certain automated decisions and request not be subjected to automated decision-making. If you want to exercise any of your rights, please contact us.
Here are some of the ways we communicate with you and the choices you have to limit these communications.
How we communicate with you
Your choices about how we communicate with you differ depending on the purpose of the message and how it is delivered.
If you use our services to pay for goods and services, we may contact you via email, telephone, or send you paper mail. We do this when we reply to a message from you or when we have to communicate with you to comply with a law or other obligation. These messages contain important information and you may not opt out of receiving them.
If you are an existing merchant using our services so your customers can pay you, we may contact you using a telephone, email, text, paper mail, and send notifications to your merchant dashboard to help manage your account, deliver important information to you, and market our products and services.
If you are a merchant inquiring about our payment services, we may contact you via email or telephone to market our products and services and answer questions you may have about how our services work.
Depending on how we send the marketing communications, you can either click the unsubscribe link in any marketing email, opt out of a text message by replying “STOP,” or turn off notifications on your device to stop receiving these types of messages.
We may collect your personal data when you visit our websites, create a merchant account, or use our payment services to buy or sell goods and services.
Here are the kinds of personal data that we may collect when you use our services to purchase goods and services or contact us:
Here are the kinds of personal data that we may collect when you inquire about our services, create a merchant account with us, or use our services so your customers can pay you. This may also include the personal data of your employees:
Here are the kinds of personal data that we may collect when you visit our websites:
We may collect personal information about you from various sources, for example from:
You can disable or decline some cookies for our websites and services. But, since some parts of our service rely on cookies to work, those services could become difficult or impossible to use.
To learn how to opt-out of this kind of tracking technology, visit About Ads.
We collect personal data for many reasons, including to improve your experience, and to run our business. Let’s look at some specific reasons why we collect your personal data.
If you use our services to pay for goods and services or contact us, we may use your information for our legitimate interests to:
If you are a merchant (or the merchant’s employee) who use our services so your customer can pay you, we may use your information to fulfill our contract with you and for our legitimate interests to:
If you visit our websites or inquire about our services, we may use your information in our legitimate interests to:
We do not sell your personal data. However, we may share data across our services and with other members of the PayPal corporate family. Sometimes we also share the personal data we collect with third parties to help us provide services, protect our customers from risk and fraud, market our products to merchants and those who inquire about our services, and comply with legal obligations.
You can review the kinds of personal data that we may share by reviewing The personal data we collect section.
We may share personal data with:
Helping to keep your personal data safe against loss, misuse, unauthorized access, disclosure, and alteration is our top priority.
To protect your personal data, we use technical, physical, and administrative security measures that include:
While we protect our systems and services, you’re responsible for keeping your password(s) and account information private. Also, you’re responsible for making sure your personal information is accurate and up to date.
We retain personal data for the time necessary to fulfil your request and our legal obligations. We may maintain personal data for longer periods if it is our legitimate business interests and not prohibited by law. If you no longer use our services, we may keep your personal data and other information as required by law and according to our data retention policy. If we do, we’ll continue to handle it as we describe in this statement.
Our operations are supported by a network of computers, cloud-based servers, and other infrastructure and information technology, including, but not limited to, third-party service providers.
The parties mentioned above may be established in jurisdictions other than your own and outside the UK These countries do not always afford an equivalent level of privacy protection. We have taken specific steps, in accordance with UK data protection law, to protect your Personal Data. In particular, for transfers of EEA Personal Data within PayPal related companies, we rely on Binding Corporate Rules approved by competent Supervisory Authorities (available here). For transfers of personal data from the UK, these are based on contractual protections such as the UK Addendum (approved by the Information Commissioner’s Office) to the EU standard contractual clauses, approved by the European Commission. Please contact us for more information about this.
If you make transactions with parties outside the UK or connect our Service with platforms, such as social media, outside the UK, we are required to transfer your Personal Data with those parties in order to provide the requested Service to you.
We’ll make changes to this privacy statement from time to time. This helps us stay up to date with changes to our business and the most current laws. After a new version is published, we’ll collect, store, use, and protect your personal data as we outline in that revised statement.
If the new version reduces your rights or increases your responsibilities, we’ll post it on the Policy Updates or Privacy Statement page of our website at least 21 days before it becomes effective.
We may also notify you about these changes through email or other communications.
Our services are for a general audience and are not directed at individuals under the age of majority. We do not knowingly collect information from children and individuals who are not legally able to use our services. If we realize that information has been collected from a child, we will move to promptly delete it, unless we are legally required to keep this information. You can help us by informing us if you believe that we have unintentionally collected information from a child, please contact us.
If you wish to learn more about our privacy practices, exercise your rights, or have questions about this Privacy Statement, please contact us following the instructions below. You can exercise your rights whether you use PayPal services or Braintree services (card payments made on a merchant’s website) by visiting PayPal’s website, and submitting your inquiry using the contact information provided in our privacy statement.
Users have the right to lodge a complaint with your local data protection authority, which in the UK is the Information Commissioner’s Office: website: https://ico.org.uk/, address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
Our Data Protection Officer can be reached at PayPal UK Ltd, Whittaker House, Whittaker Avenue, Richmond-Upon-Thames, Surrey, United Kingdom, TW9 1EH.
Customers in the UK
In order to provide the PayPal Services, certain of the information we collect (as set out in this Privacy Statement) may be required to be transferred to other PayPal related companies or other entities, including those referred to in this section in their capacity as payment providers, payment processors or account holders (or similar capacities). You acknowledge that according to their local legislation, such entities may be subject to laws, regulations, inquiries, investigations, or orders which may require the disclosure of information to the relevant authorities of the relevant country.
Specifically, you acknowledge that PayPal may do any and all of the following with your information:
a. Disclose necessary information to: the police and other law enforcement agencies; security forces; competent governmental, intergovernmental or supranational bodies; competent agencies, departments, regulatory authorities, self-regulatory authorities or organisations and other third parties, including PayPal Group companies, that (i) we are legally compelled and permitted to comply with, including but without limitation laws implementing the US Foreign Account Tax Compliance Act (“FATCA”) and OECD Common Reporting Standard (“CRS”); (ii) we have reason to believe it is appropriate for us to cooperate with in investigations of fraud or other illegal activity or potential illegal activity, or (iii) to conduct investigations of violations of our User Agreement (including without limitation, your funding source or credit or debit card provider).
If you are covered by FATCA or CRS, we are required to give you notice of the information about you that we may transfer to various authorities.
We and other organisations, including parties that accept PayPal, may also share, access and use (including from other countries) necessary information (including, without limitation the information recorded by fraud prevention agencies) to help us and them assess and to manage risk (including, without limitation, to prevent fraud, money laundering and terrorist financing). Please contact us if you want to receive further details of the relevant fraud prevention agencies.
b. Disclose Account Information to intellectual property right owners if under the applicable law they have a claim against PayPal for an out-of-court information disclosure due to an infringement of their intellectual property rights for which PayPal Services have been used.
c. Disclose necessary information in response to the requirements of the credit card associations or a civil or criminal legal process.
d. If you as a merchant use a third party to access or integrate PayPal, we may disclose to any such partner necessary information for the purpose of facilitating and maintaining such an arrangement (including, without limitation, the status of your PayPal integration, whether you have an active PayPal account and whether you may already be working with a different PayPal integration partner).
e. Disclose necessary information to your agent or legal representative (such as the holder of a power of attorney that you grant, or a guardian appointed for you).
f. Disclose aggregated statistical data with our business partners or for public relations. For example, we may disclose that a specific percentage of our users live in Manchester. However, this aggregated information is not tied to personal information.