Last updated August 01, 2024
This privacy notice for Thankfully Fit with Bayley, LLC (
- Visit our website
at https://thankfullyfitwithbayley.com , or any website of ours that links to this privacy notice
- Download and use
our Facebook application , or any other application of ours that links to this privacy notice
- Engage with us in other related ways, including any sales, marketing, or events
Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services.hello@thankfullyfitwithbayley.com .
SUMMARY OF KEY POINTS
This summary provides key points from our privacy notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents below to find the section you are looking for.
What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use. Learn more about personal information you disclose to us.
Do we process any sensitive personal information?
Do we collect any information from third parties?
How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so. Learn more about how we process your information.
In what situations and with which
How do we keep your information safe? We have
What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. Learn more about your privacy rights.
How do you exercise your rights? The easiest way to exercise your rights is by submitting a data subject access request
Want to learn more about what we do with any information we collect? Review the privacy notice in full.
TABLE OF CONTENTS
1. WHAT INFORMATION DO WE COLLECT?
Personal information you disclose to us
In Short: We collect personal information that you provide to us.
We collect personal information that you voluntarily provide to us when you
Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:
names
email addresses
phone numbers
usernames
passwords
billing addresses
debit/credit card numbers
Sensitive Information.
Payment Data. We may collect data necessary to process your payment if you choose to make purchases, such as your payment instrument number, and the security code associated with your payment instrument. All payment data is handled and stored byPayPal Stripe Overview This Privacy Statement applies to PayPal and Xoom accounts and aims to provide you with information regarding our use of your Personal Information when you visit our website, apply for, or use our services, like Braintree and Zettle (collectively, the “Services”). We encourage you to read this Privacy Statement and to use it to help you make informed decisions. Certain capitalized terms that are not otherwise defined in the Statement are explained in the Definitions section below. We revise this Privacy Statement from time to time to reflect changes to our business, Services, or applicable laws. If the revised version requires notice in accordance with applicable law, we will provide you with 30 days prior notice by posting notice of the change on the "Policy Updates" or "Privacy Statement" page of our website, otherwise the revised Privacy Statement will be effective as of the published effective date. If you are a new User or are receiving this Privacy Statement for the first time and there is an upcoming change described on the Policy Updates or Privacy Statement page at the time you receive this Privacy Statement, such upcoming change will apply to you on the indicated effective date. Non-Account Holders and Fastlane (formerly known as Connect) Profile Users Our Services may be accessed by individuals without a PayPal or Xoom account. We will collect Personal Information from you even if you are a non-account holder when you use our Services, such as when you use our Pay Without a PayPal account, use Unbranded Payment Services (e.g., Braintree and Zettle), use a Fastlane profile, or when a non-accountholder receives a payment through the Visa+ service from a PayPal account holder (“Recipient”). If you Pay Without a PayPal account, we may link your transaction information with your PayPal account, if you have one at the time you use the Service without logging in, or if you create a PayPal account later. With a Fastlane (formerly known as "Connect”) profile, individuals can store their payment methods and Personal Information with PayPal so that they can complete the checkout process faster at participating Partners and Merchants without having to manually input payment method details and Personal Information each time they checkout ("Fastlane"). When you create a Fastlane profile, you are agreeing to let PayPal store your Personal Information, including your name, email, phone number, address information, as well as billing information and payment method details, and pre-populate that information in the checkout flows of participating Partners and Merchants so that you can complete purchases faster by not having to manually input the information. We will also collect transaction data related to your purchases when you use Fastlane. The Visa+ Service enables eligible customers with a PayPal account to send and receive money to and from Venmo and third-party Visa+-enabled digital wallets (“Visa+”). When you shop on Partner and Merchant sites, the partner or merchant may disclose Personal Information with PayPal that we will use in accordance with this Privacy Statement and the relevant PayPal user agreement. Categories of Personal Information We Collect Categories of Personal Information collected from you, including from your interactions with us and use of the Services: Personal Identifiers: Such as name, Business Name, Address, Phone Number, Email, IP address, Device Information, Information collected from cookies or other tracking technologies, other information necessary to establish an account or profile Records and Financial Information: Such as, bank account and routing numbers, credit and debit card information, amount you send or request, other financial information Commercial Information: Such as online shopping cart information, shopping activity on merchant sites, purchase history, and order tracking and product information Geolocation: We may collect IP-based geolocation data and Global Positioning System (GPS) with your consent during your user experience or based on your mobile application settings. Internet or network activity: interactions with our Services, Information about response time for web pages, download errors, date and time when you used the service, Location Information, such as your IP address, statistics regarding how pages are loaded or viewed, the websites you visited before coming to the Sites and other usage and browsing information collected through Cookies (“Technical Usage Data”) Biometric: When you consent in the user experience, we collect voice identification, photo identification, or face scans to verify your identity and authenticate you for certain actions related to your account, including, for example, verify your identity and authenticate you to meet regulatory requirements or before you access accounts and Services, recover passwords, update profile info, manage payments and payment methods, lift account limitations, and initiate cryptocurrency transfers. Audio, electronic, visual, or similar information: Call recordings when you talk to customer service Professional or employment information: including business information, job title, contact emails, phone numbers and taxpayer ID numbers Imported Contact Information: including name, address, phone number, images, email address or usernames associated with the contacts PayPal Account Profile Information: username, profile picture, gender, or personal description which you add that may include sensitive Personal Information. You can set your profile to “Private” at any time Information you provide when you contact us: Your response to surveys, recorded conversations, chat conversations with us, email correspondence with us, account or profile status, repayment history, voice identification, Information about others if you choose to share it with us Inferred data: We may infer information about you such as your preferences and shopping behavior, based on your transactions and interactions with our Services Characteristics of Protected Classifications: including age or date of birth, national origin, disability, citizenship, military status Sensitive Personal Information: Social Security number, government-issued identification, bank account and routing numbers, credit and debit card information, voice identification and Photo IDs or Precise Geolocation Information from your device: including, language settings, browser ID, cookie preferences, time zone, operating system, platform, screen resolution and similar information about your device settings, data collected from cookies or other tracking technologies We may also obtain the above categories of Personal Information from the following categories of sources: PayPal Companies, including Venmo and PayPal Honey Third parties: including Service Providers, Partners and Merchants, Payment Partners, such as card networks and payment processors, Credit Reporting Agencies, Government Entities, Data Brokers, and Financial Institutions Linked Accounts: Non-financial or financial accounts you agree to link to PayPal, such as social network accounts, mail accounts or for open banking. You may change your mind about use of this feature and unlink your linked accounts at any time. If you choose to link these accounts or share such information with us, we will periodically collect and process it until you unlink the account Third Party Applications: Applications that you choose to use for example, the Apple App Store, Google Play Store, or social networking sites How is Personal Information used? We may process your Personal Information for a variety of reasons, including to provide our Services, for security and fraud prevention and to comply with law. We may also use personal data to participate in certain features, that while not necessary for use of the Services, may be of interest to you, such as syncing your contact list to your account, personalize content and offers, targeted advertising, or connecting to a third-party platform. Some of these features may require your consent. We may collect Personal Information to: Provide our Services: such as to help you send, receive or request money, initiate a payment, add monetary value to an account, pay a bill, administer your purchases, show you your Fastlane profile, account and payment information, send and receive Visa+ transactions, to assess your creditworthiness in connection with our Services, confirm your identity and your contact information, to authenticate your access to your account or Fastlane profile and to confirm your account or profile and financial information is accurate and up to date. For Visa+, we will receive the recipient's name and payment information from Visa and third-party Visa+ participating digital wallets for the purpose of processing and matching Visa+ payment transactions between participating digital wallets and PayPal. If you are using Fastlane, we will also use your Personal Information and payment method details to determine whether the payment you are making with a participating Partner or Merchant is authorized by you and likely to be successfully authorized by the payment method you choose to use when you make a purchase using details from your Fastlane profile. Provide receipts in connection with Zettle services: For buyers using our Zettle services, you may choose to provide us your contact details so that we can send you digital receipts. Manage and improve our Services: for example, to develop new products and features, for customer analysis, to administer our Services, and for internal operations, for example troubleshooting, data analysis, testing, research, and statistical purposes. Manage fraud and risk: We conduct risk analysis, fraud prevention and risk management to protect our customers and business, including fraud that involves our Partners and Merchants and strategic ventures. Associate information about you: if you use our Services Without a PayPal account (e.g., Pay without a PayPal account), we may associate such transactions with your PayPal account if you have one or later establish an account. If you use one of the following Services: Fastlane, Venmo, and PayPal Honey; we may associate information about your transactions and experiences using these Services to personalize content and offers and improve your use of the PayPal services. Market our Services: We may use Personal Information to market our Services including where we partner with others to offer similar services to market about our Partners and Merchants. We use Personal Information, including when we Associate information about you, to better understand and cater to your interests. Communicate with you: We may contact you when you need us, such as answering a question you sent to our customer service team. Comply with Laws: to comply with applicable laws and rules and enforce our agreements with you and other people who use our Services. Process information about your contacts: to make it easy for you to find and connect them, improve payment accuracy and suggest connections with people you may know. By providing us with information about your contacts you certify that you have permission to provide that information to PayPal for the purposes described in this Privacy Statement. Create an account connection between your account and a third-party account or platform: such as with a social media account or a financial institution in connection with your participation in Open Banking. Send you locally relevant options: If you agree to let us track your location, we can enhance your security of our Services and customize our Services by using the right language and personalizing content such as providing location-based options, functionality or offers, ads and search results. Even if you don’t allow us to track your location, we may still use your address to send you location-based options recommended by businesses that are near to your address. Remember your preferences: We may remember your preferences for the next time you use the Services, such as whether you choose to receive digital receipts via email or text when you checkout. Personalize your experience: When you use Services, as well as other third-party sites and services, we might use tracking technologies like cookies. See our Cookie Statement for more details. Do We Disclose Personal Information, and why? We do not sell Personal Information to third parties for money or share your Personal Information for cross context behavioral advertising, including any Sensitive Personal Information. However, we will disclose your Personal Information with third parties to help us provide Services, protect our customers from risk and fraud, market our products, and comply with legal obligations. In addition, we may disclose Personal Information with: PayPal Companies, including Venmo to provide you with the Services, personalize your use of the Services, to manage our business; or with PayPal Honey to manage our Rewards program. Authorities, when accompanied by a subpoena or other legal documentation that requires PayPal or PayPal Companies to respond. Such authorities include courts, governments, law enforcement, and regulators. We may also be required to provide other third parties information about your use of our Services, for example to comply with card association rules, to investigate or enforce violations of our user agreement or to prevent physical harm or illegal activity. Other financial institutions, to jointly offer a product, such as PayPal Credit, PayPal Savings, PayPal Cashback Mastercard and PayPal Extra Mastercard. Card networks and payment processors, to facilitate payment processing or to add cards to your electronic wallet. For payment transactions with Fastlane, your Personal Information will be shared with the provider of the payment services for the participating Partner and Merchant to enable the processing of the payment transaction. The payment provider for the Partner and Merchant may be PayPal or a third party payment provider. Fraud prevention and identity verification agencies, for example to assist us in detecting activities suggestive of fraud. Credit reporting and debt collection agencies, for example to collect unpaid overdue debts through a third party such as a debt collection agency. Service providers that operate at our direction and on our behalf to perform services we outsource to them, such as processing payments, marketing, research, compliance, audits, corporate governance, communications, IT development, maintenance, hosting and support and customer service operations. Other PayPal Account Holders to complete a transaction. Some Personal Information is disclosed to other PayPal account holders as required to complete a payment transaction. This includes your username, profile photo, first and last name, email, and phone number. Other Users in accordance with your account settings. In accordance with your account settings or PayPal.Me preferences, your Personal Information can be seen by other account holders and non-account holders (“Users”) to help facilitate a transaction. For example, as part of the send money feature, a User may search for your account to initiate a payment. Based on your account settings, the information shown to other Users may include your username, profile photo, first and last name, email, phone number, city and state, month and year of PayPal account creation, and any additional information you include in the details or “about you” section of your account. Other Users if you have a business profile. If you have a business profile, we will display a payment link and disclose certain information about you to other Users, including your name or business name, profile picture or logo, and the city associated with your PayPal account, as well as total time selling with us, total number of followers, and total number of unique Users that have paid you in the past year. If you have a business profile, you can choose to display other information to other Users, such as your street address, phone number, email and website, in accordance with your business profile settings. Linked accounts, for example any social media accounts you asked us to link or when you link an account with another bank or financial institutions, card account, or aggregator in connection with your participation in Open Banking, so we can check if you have sufficient funds or confirm your ownership of the account. Partners and Merchants, their service providers and others involved in a transaction, for example when you use the Services to initiate online purchases, save your payment information with Fastlane, pay other Users using the Services, pay Recipients using Visa+, or return goods we may disclose information about you and your account or Fastlane profile with the other parties (or their service providers) involved in processing your transactions. We may also disclose Personal Information to Partners and Merchants to enable their use of our Services to facilitate your transactions. For example, when you visit a participating merchant site or app, the merchant can check whether you are a user of PayPal services and present a recommended payment method to you to simplify your checkout process. Please note that Personal Information disclosed to Partners and Merchants (or their service providers) involved in a transaction is subject to the Partners' and Merchants' own privacy policies and procedures. We may also disclose Personal Information to Partners and Merchants to enable their use of our Services with those Partners and Merchants. Other third parties, for example we disclose Personal Information to advertising platforms at your direction, or security service providers to help prevent unauthorized access to our Services. Please be aware that these parties’ privacy notice applies to the Personal Information that you share directly with them. For example, we use Google’s reCAPTCHA to prevent misuse of our Services, when you access our mobile application. We may also use Google Address Autofill to ensure accuracy of your address. Google’s Privacy Policy and Terms of Use apply to the Personal Information you share with them. Buyers or in connection with business transfer, for example if we are involved in a merger, a purchase or sale of all or part of our business or assets, including receivables and debts, we may disclose, under appropriate data protection terms, your Personal Information to an interested or actual buyer of those business or assets. If PayPal or a significant portion of PayPal’s assets are acquired by a third party, Personal Information may also be disclosed. We may disclose your sensitive personal information as appropriate to carry out legitimate business activities allowed by law. How long does PayPal store your Personal Information? We retain Personal Information for as long as needed or permitted in context of the purpose for which it was collected and consistent with applicable law. The criteria used to determine our retention period is as follows: Personal Information used for the ongoing relationship between you and PayPal is stored for the duration of the relationship plus a period of 10 years, unless we need to keep it longer, such as: a legal obligation or compliance with laws to which we are subject is retained consistent with the applicable law, such as under applicable bankruptcy laws and AML obligations litigation, investigations, audit and compliance practices, or to protect against legal claims. We retain biometric data for as long as needed or permitted given the purpose for which it was collected and no more than 3 years after your account closes, unless otherwise required by applicable law. How Do We Use Cookies and Tracking Technologies? When you interact with our Services, open email we send you, or visit a third-party website for which we provide Services, we and our partners use cookies and other tracking technologies such as pixel tags, web beacons, and widgets (collectively, “Cookies”) to recognize you as a user, customize your online experiences and online content, including to serve you interest-based advertising, perform analytics; mitigate risk and prevent potential fraud, and promote trust and safety across our Services. We use Cookies to collect your device information, internet activity information, and inferences as described above. You can disable or decline some cookies for our Services. But, since some parts of our service rely on cookies to work, those services could become difficult or impossible to use. Some web browsers have an optional setting called “Do Not Track” (DNT) that lets you opt-out of being tracked by advertisers and some third parties. Because many of our services won’t function without tracking data, we do not respond to DNT settings. If you want to know more about how we use cookies, please review our Statement on Cookies and Tracking Technologies to learn more about our use of Cookies. To learn how to opt-out of this kind of tracking technology, visit About Ads. Your Data Protection Rights Your rights to access, correction, deletion, and restriction to use or share your Personal Information. Under applicable data protection law, you have certain rights to how your Personal Information is collected, stored, used and shared. We recognize the importance of your ability to control the use of your Personal Information and provide several ways for you to exercise your rights to access (right to know), correction, deletion (erasure), and to restrict certain information (right to opt out of sharing and right to limit use and disclosure of sensitive personal information). We will not deny you services, charge you different prices, or provide you with a different level of service solely for exercising your privacy rights. If you are a California resident, learn more about how we have handled your Privacy Rights. How do you exercise your rights? If you, or an authorized agent, want to exercise any of your rights relating to your Personal Information, contact us or submit your request from your account settings. If you have a PayPal account, you can exercise your privacy rights by accessing “Data and Privacy” from account settings in the PayPal app. If you, or an authorized agent, want to exercise any of your rights relating to your Personal Information in your Fastlane profile, contact us or submit your request from your Fastlane profile management portal. Even if you do not have a PayPal account (for example, where you use Pay without a PayPal account), you can submit a request for access, correction, or deletion of your Personal Information by contacting us at the number provided in our Contact Information section. If you or an authorized agent submit a request, we’ll first need to verify who you are before we can respond to your request. We may ask you to provide us with information necessary to reasonably verify your identity before responding to your request. We will compare the information you submit against our internal business records to verify your identity. If we can’t verify your identity, we will not be able to fulfill your request. If we deny your request in whole or in part, you may have the right to appeal the decision. In such circumstances, we will provide you with information regarding the appeals process. Your right to request a copy of the Personal Information. If you want to make a request to know about the data we’ve collected about you in the past 12 months, you have choices: Log in to your PayPal or Xoom account or Fastlane profile management portal and submit a request Call or contact us and request that we provide you with the data we’ve collected. Your right to correct your Personal Information: Log in to your PayPal or Xoom account or Fastlane profile management portal and correct information you previously added. For example, you can edit your addresses in your settings Call or contact us and request that we correct specific information Your right to delete your Personal Information: Log in to your PayPal or Xoom account or Fastlane profile management portal and delete information you previously added. For example, you may delete your non-primary addresses in your settings Call us or contact us and request that we delete specific information Close your PayPal or Xoom account or Fastlane profile If you close your PayPal or Xoom account or Fastlane profile or request that we delete Personal Information, we still need to keep some Personal Information as explained in How long does PayPal store your Personal Information section so we can: Complete a transaction, provide goods or services you requested, or comply with our promises to you in the user agreement or other contract you have with us Detect and prevent malicious, fraudulent, or illegal activity Protect your (or another person’s) legal rights, including the right to free speech Manage our internal business processes that are reasonably related to your expectations when using our Services Comply with laws and other legal or governmental processes California also offers a right to opt out of “Selling” and “Sharing” Personal Information. Global Privacy Control setting is a browser setting that notifies website owners of users' privacy preferences regarding selling or sharing their personal information. PayPal does not respond to these settings because we do not sell or share data. Some Personal Information collected, processed, or disclosed by a financial institution are subject to federal laws, such as the Gramm-Leach-Bliley Act. Consumers may read our Consumer Privacy Notice for more information about their rights under US federal law. Understanding your choices You can control how Personal Information is collected or disclosed, as well as how we communicate with you. Here are some of the ways you can customize your choices. Choose how we collect Personal Information You may choose to limit the Personal Information you provide when our apps or Services request it. To help make choices that are right for you, it’s important to understand that Personal Information helps us provide a richer, more personalized experience for you. Also, some Personal Information is required for our Services to function at all. For example, sharing your contacts helps make it easier for you to find the people you want to send money to. If you choose not to share your contacts with us, you can still use our mobile apps, but some actions may not be as fast or easy as it would be if shared your contacts. Another example is creating an account or Fastlane profile with us. If you choose not to provide information that is required for an account or Fastlane profile to function, like your name and email address, we will not be able to create an account or Fastlane profile for you. Choose how linked accounts collect and use Personal Information If you link your account to a third-party service, you may be able to manage how your Personal Information is collected, used, and shared by them. Read the third parties’ privacy policies to see the choices they offer you. You can control which third-party services you link to your account and what Personal Information they can collect about you. For example, to manage the permissions, go to the Security settings in your PayPal account. Choose what we disclose with other Users Some Personal Information may be seen by other Users. You may be able to adjust or turn off this setting in the privacy section in your account settings. Choose how we communicate with you Your choices about how we communicate with you differ depending on the purpose of the message and how it is delivered. Some messages are considered optional, and some are necessary for you to manage your accounts or Fastlane profile with us. We use email, text messages, push notifications on your mobile device, and even phone calls or paper mail depending on the situation and your preferences. You can click the unsubscribe link in a PayPal or Fastlane marketing email, opt out of a text message by replying “STOP,” or turn off notifications on your device. You can also change your account’s notification settings or the notification preferences on your device. You won’t be able to opt out of messages that are considered necessary for the Services, such as digital receipts and emails that alert you to changes in your account or Fastlane profile's status. You may be able to decide how we send those messages, such as by email, phone, text message, or a notification on your mobile device. How Do We Protect Your Personal Information? We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your Personal Information against loss, misuse, unauthorized access, disclosure, and alteration. The security measures include firewalls, data encryption, physical access controls to our data centers, and information access authorization controls. While we are dedicated to securing our systems and Services, you are responsible for securing and maintaining the privacy of your password(s) and account/Fastlane profile registration information and verifying that the Personal Information we maintain about you is accurate and current. We are not responsible for protecting any Personal Information that we share with a third-party based on a linked account connection that you have authorized. Can Children Use Our Services? We do not knowingly collect information, including Personal Information, from children under the age of 13 or other individuals who are not legally able to use our Services. If we obtain actual knowledge that we have collected Personal Information from someone not allowed to use our Services, we will promptly delete it, unless we are legally obligated to retain such data. Please contact us if you believe that we have mistakenly or unintentionally collected information from someone not allowed to use our Services. We do not sell to third parties for money or share Personal Information of anyone under 16 years of age for cross context behavioral advertising. Definitions Device Information means data that can be automatically collected from any device used to access the Services. Such information may include, but is not limited to, your device type; your device’s network connections; your device’s name; your device IP address; information about your device’s web browser and internet connection you use to access the Services; Geolocation Information; information about apps downloaded to your device. Geolocation Information means information that identifies, with precise specificity, your location by using, for instance, longitude and latitude coordinates obtained through your GPS, or your device settings. Location Information means information that identifies, with reasonable specificity, your approximate location by using, for instance, longitude and latitude coordinates obtained through GPS or Wi-Fi or cell site triangulation. Partners and Merchants means our partners and the merchants, partners or businesses that our Users transact with for the purpose of obtaining goods or services. Pay Without a PayPal account means our Services may be accessed by individuals without using a PayPal account, a Fastlane profile, or the Unbranded Payment Services. PayPal means PayPal, Inc. which offers PayPal, Braintree, Xoom, Zettle and Fastlane profile services. PayPal Companies means companies or separate brands, affiliates or subsidiaries of PayPal, and who process Personal Information in accordance with their terms of service and privacy statements. Examples include Venmo, Honey Science LLC, Chargehound LLC, Hyperwallet, Simility, Swift Financial LLC, and Bill Me Later, Inc. Personal Information in this Privacy Statement means information about you, including your identity, finances and online behavior. Sell under California law is defined as the disclosure of personal information to third parties in exchange for monetary or other valuable consideration. Services means any PayPal, Unbranded Payment Services, Pay Without a PayPal account, Fastlane, Xoom, Zettle, bill pay, Rewards, sending or receiving money, credit products and services, content, features, technologies, or functions, and all related websites, applications and services offered to you by PayPal. Your use of the Services includes use of our Sites. Sharing under California law is defined as the targeting of advertising to a consumer based on that consumer’s personal information obtained from the consumer’s activity across websites. Sites means the websites, mobile apps, official social media platforms, or other online properties through which PayPal offers the Services and which has posted or linked to this Privacy Statement. Unbranded Payment Services means when you are interacting with and making payments to Partners and Merchants using our card processing services that do not carry the PayPal brand or when you use our Braintree or Zettle services. Our Contact Information If you have questions about this Privacy Statement or your Personal Information, contact us so we can help. To talk about your PayPal account or Unbranded Payment Services: Call PayPal Customer Service at 1-888-221-1161 or visit our Customer Service web portal To talk about your Fastlane profile: Call PayPal Customer Service at 1-844-705-3555 Or visit your Fastlane profile management portal To talk about your Xoom account: Call Xoom Customer Service at 1-877-815-1531 or visit our Help Center web portal California Privacy Notice of Collection Under the laws of California and certain other US states (i.e., Virginia), we are required to provide you with the following additional information about: (1) the purpose for which we use each category of “personal information” we collect; and (2) the categories of third parties to which we (a) disclose such personal information for a business purpose, (b) “share” personal information for “cross-context behavioral advertising,” and/or (c) “sell” such personal information. Under California law, “sharing” is defined as the targeting of advertising to a consumer based on that consumer’s personal information obtained from the consumer’s activity across websites, and “selling” is defined as the disclosure of personal information to third parties in exchange for monetary or other valuable consideration. We do not sell or share your Personal Information, including any Sensitive Personal Information. We also do not sell or share and have no actual knowledge that we have sold or shared any Personal Information of anyone under 16 years of age. For more information about each category, purpose of use, and the third parties to which we disclose information, please see the “Categories of Personal Information We Collect”, “How is Personal Information used,” and “Do We Disclose Personal Information” sections. Categories of Personal Information Purpose of Collection Categories of 3rd Parties to which PayPal discloses this Personal Information for Business Purpose Identifiers Provide Services Communicate with you Link an account Manage and improve our Services Manage fraud and risk Market our Services Comply with laws Process information about your contacts Communicate with you Provide receipts in connection with Zettle services Remember your preferences Associate information about you PayPal and PayPal Companies Authorities Other financial institutions Card Networks and Payment Processors Fraud prevention and identity verification agencies Credit Reporting Agencies Service providers Other Users in accordance with account settings Linked Accounts Partners and Merchants Other third parties Buyers in connection with a business transfer Records and Financial Information Provide Services Communicate with you Link an account Keep your account and Fastlane profile and financial information up to date Manage and improve our Services Manage fraud and risk Market our Services Personalize your experience Provide personalized Services Comply with Laws Process information about your contacts Communicate with you PayPal and PayPal Companies Authorities Other financial institutions Card Networks and Payment Processors Fraud prevention and identity verification agencies Credit Reporting Agencies Service Providers, other Other Users in accordance with account settings Linked Accounts Partners and Merchants Other third parties for business purposes Buyers in connection with a business transfer Commercial information Provide Services Communicate with you Manage and improve our Services Manage fraud and risk Market our Services Comply with Laws Remember your preferences Associate information about you PayPal and PayPal Companies Service Providers Authorities Other financial institutions Partners and Merchants Other third parties Buyers or in connection with business transfer Other Users if you have a business profile Geolocation Data Send you location-based options Manage fraud and risk Authorities PayPal and PayPal Companies Service Providers Other financial institutions Partners and Merchants Internet or network activity Operate and provide Services, Communicate with you Manage and improve Services Market our Services Send you locally relevant options Comply with law PayPal and PayPal Companies Service Providers Other financial institutions Partners and Merchants Authorities Biometric Authenticate you for certain actions related to your account, including to: meet regulatory requirements or before you access accounts and services recover passwords update profile info manage payments and payment methods lift account limitations initiate third-party crypto currency transfers Service Providers Audio, electronic, visual, or similar information Provide Services Authenticate your access to an account or Fastlane profile Manage and improve Services Manage fraud and risk Service Providers PayPal and PayPal Companies Merchants and Partners Authorities Professional or employment information Provide Services Manage fraud and risk Service Providers PayPal and PayPal Companies Merchants and Partners Authorities Other financial institutions Information about your imported contacts Provide Services Service Providers Information in your PayPal or Xoom account or Fastlane profile Provide Services Service Providers PayPal and PayPal Companies Merchants and Partners Authorities Other financial institutions Information you provide when you contact us Provide Services Authenticate your access to an account or Fastlane profile Manage and improve Services Manage fraud and risk Service Providers PayPal and PayPal Companies Merchants and Partners Authorities Inferred data Provide Services Manage fraud and risk Market our Services Display content based on your interest Better respond to your requests or inquiries or for similar customer service issues Verify your identity Conduct risk assessment PayPal and PayPal Companies Service Providers Other financial institutions Merchants and Partners Authorities Sensitive Personal Information Provide Services Manage fraud and risk PayPal and PayPal Companies Service Providers Other financial institutions Merchants and Partners Authorities Buyers or in connection with business transfer Characteristics of Protected Classifications Provide our Services Manage risk PayPal and PayPal Companies Service Providers Authorities Information from your device Provide Services Manage and improve our Services Manage fraud and risk Communicate with you Link an account Market our Services Personalize your experience Comply with laws PayPal and PayPal Companies Service Providers Other financial institutions Merchants and Partners Authorities US Consumer Privacy Notice The following Consumer Privacy Notice applies to you if you are an individual who resides in the United States and uses PayPal Services for your own personal, family, or household purposes. This Consumer Privacy Notice does not apply to Unbranded Payment Services. Rev. January 2023 FACTS WHAT DOES PAYPAL DO WITH YOUR PERSONAL INFORMATION? Why? Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do. What? The types of personal information we collect and share depend on the product or service you have with us. This information can include: Social Security number and account balances Payment history or transaction history Credit history or credit scores When you are no longer our customer, we continue to share your information as described in this notice. How? All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons PayPal chooses to share; and whether you can limit this sharing. Reasons we can share your personal information Does PayPal share? Can you limit this sharing? For our everyday business purposes – such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus Yes No For our marketing purposes – to offer our products and services to you Yes No For joint marketing with other financial companies Yes No For our affiliates’ everyday business purposes – information about your transactions and experiences Yes No For our affiliates’ everyday business purposes – information about your creditworthiness No We don’t share For our affiliates to market to you No We don’t share For nonaffiliates to market to you No We don’t share Questions? Call our customer service at 1-888-221-1161or visit us at /smarthelp/contact-us/privacy. Who we are Who is providing this Privacy Statement? This privacy notice is provided by PayPal, Inc. and is applicable to your personal U.S. PayPal and Xoom accounts, and Fastlane profile. What we do How does PayPal protect my personal information? To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings. How does PayPal collect my personal information? We collect your personal information, for example, when you open an account or provide account information use your credit or debit card or give us your contact information use your PayPal and/or Xoom account to send or receive funds We also collect your personal information from others, such as credit bureaus, affiliates, or other companies. Why can’t I limit all sharing? Federal law gives you the right to limit only sharing for affiliates’ everyday business purposes — information about your creditworthiness affiliates from using your information to market to you sharing for nonaffiliates to market to you State laws and individual companies may give you additional rights to limit sharing. See below for more information on your rights under state law. Definitions Affiliates Companies related by common ownership or control. They can be financial and nonfinancial companies. Our affiliates include Bill Me Later, Inc. Nonaffiliates Companies not related by common ownership or control. They can be financial and nonfinancial companies. Nonaffiliates with which we share personal information include service providers that perform services or functions on our behalf. Joint Marketing A formal agreement between nonaffiliated financial companies that together market financial products or services to you. Our joint marketing partners include financial companies and banks. Other important information We may transfer personal information to other countries, for example, for customer service or to process transactions. California: The California Consumer Privacy Act of 2018 (CCPA) permits consumers who are California residents to ask businesses covered under the CCPA about personal information it has collected about the consumer, submit an access or deletion request, and opt-out of the sale of personal information, if applicable. These provisions do not apply to personal information collected, processed, shared, or disclosed by financial institutions pursuant to federal law such as the Gramm-Leach-Bliley Act. Contact us if you have questions about our privacy statement, this consumer notice, or your personal information. If your PayPal or Xoom account or Fastlane profile has a California mailing address, we will not share personal information we collect about you except to the extent permitted under California law. To talk about your PayPal account, call PayPal Customer Service at 1-888-221-1161 or visit our Customer Service web portal. To talk about your Xoom account, call Xoom Customer Service at 1-877-815-1531 or visit our Help Center web portal. To talk about your Fastlane profile, call PayPal Customer Service at 1-844-705-3555 or visit your Fastlane profile management portal. Vermont: If your PayPal or Xoom account or Fastlane profile has a Vermont mailing address, We will not disclose information about your creditworthiness to our affiliates and will not disclose your personal information, financial information, credit report, or health information to nonaffiliated third parties to market to you, other than as permitted by Vermont law, unless you authorize us to make those disclosures. Additional information concerning our privacy policies can be found at Customer Service web portal or call 1-888-221-1161 Nevada: If your PayPal or Xoom account or Fastlane profile has a Nevada mailing address, we are providing this notice pursuant to Nevada law. If you prefer not to receive marketing calls from PayPal, you may be placed on our internal Do Not Call List by calling 1-888-221-1161 or going to /smarthelp/home. For more information, you can contact PayPal at 12312 Port Grace Blvd, La Vista, NE 68128 or you can contact the Bureau of Consumer Protection, Office of the Nevada Attorney General, 555 E. Washington St., Suite 3900, Las Vegas, NV 89101; telephone number: 1-702-486-3132; email: Aginfo@ag.nv.gov Privacy Policy Last updated: January 16, 2024 This Privacy Policy includes important information about your personal data and we encourage you to read it carefully. Welcome We provide financial infrastructure for the internet. Individuals and businesses of all sizes use our technology and services to facilitate purchases, accept payments, send payouts, and manage online businesses. This Privacy Policy (“Policy”) describes the Personal Data we collect, how we use and share it, along with details on how you can reach out to us with privacy-related inquiries. Additionally, the Policy outlines your rights as a data subject and choices you have, including the right to object to certain usages of your Personal Data by us. For further information about our privacy practices, including our Supplemental U.S. Notice, please refer to our Privacy Center. In this Policy, “Stripe”, “we”, “our,” or “us” refers to the Stripe entity responsible for the collection, use, and handling of Personal Data as described in this document. Depending on your jurisdiction, the specific Stripe entity accountable for your Personal Data might vary. Learn More. “Personal Data” refers to any information associated with an identified or identifiable individual, which can include data that you provide to us, and we collect about you during your interaction with our Services (such as device information, IP address, etc.). “Services” refer to the products and services provided by Stripe under the Stripe Services Agreement and the Stripe Consumer Terms of Service. This may include devices and applications provided by Stripe. Our “Business Services” are services that we provide to entities (“Business Users”) that directly and indirectly provide us with “End Customer” Personal Data in connection with their own business operations and activities. Our “End User Services” are those that Stripe provides directly to individuals for their personal use. “Sites” refer to Stripe.com, Link.com, and other Stripe websites, apps, and online services. Collectively, we refer to Sites, Business Services, and End User Services as “Services.” “Financial Partners” are financial institutions, banks, and other partners such as payment method acquirers, payout providers, and card networks that we partner with to provide the Services. Depending on the context, “you” might be an End Customer, End User, Representative, or Visitor: When you use an End User Service for personal use, such as signing up for Link, we refer to you as an “End User.” When you do business with, or otherwise engage in a transaction with a Business User, such as buying a pair of shoes from a Business User using Stripe Checkout for payment processing, but are not directly transacting with Stripe, we refer to you as an “End Customer.” When you are acting on behalf of an existing or potential Business User—perhaps as a company founder, account administrator for a Business User, or a recipient of an employee credit card from a Business User via Stripe Issuing—we categorize you as a “Representative.” When you interact with Stripe by visiting a Site without being logged into a Stripe account, or when your interaction with Stripe does not involve you being an End User, End Customer, or Representative, you are considered a “Visitor.” For example, you are a Visitor when you send a message to Stripe asking for more information about our Services. In this Policy, “Transaction Data” refers to data collected and used by Stripe to facilitate transactions you request. Some Transaction Data is Personal Data and may include: your name, email address, contact number, billing and shipping address, payment method information (like credit or debit card number, bank account details, or payment card image chosen by you), merchant and location details, amount and date of purchase, and in some instances, information about what was purchased. Depending on the activity, Stripe assumes the role of a “data controller” and/or “data processor” (or “service provider”) based on the activity. For more details about our role, the specific Stripe entity responsible under this Policy, and our legal bases for processing your Personal Data, please visit our Privacy Center. 1. Personal Data that we collect and how we use and share it 2. More ways we collect, use and share Personal Data 3. Legal bases for processing data 4. Your rights and choices 5. Security and retention 6. International data transfers 7. Updates and notifications 8. Jurisdiction-specific provisions 9. Contact us 10. US Consumer Privacy Notice 1. Personal Data we collect and how we use and share it Our collection and use of Personal Data differs based on whether you are an End User, End Customer, Representative, or Visitor, and the specific Service being utilized. For example, if you're a sole proprietor who wants to use our Business Services, we may collect your Personal Data to onboard your business; at the same time, you might also be an End Customer if you've bought goods from another Business User utilizing our Services for payment processing. You could be an End User if you used our End User Service, such as Link, for those transactions. 1.1 End Users We provide End User Services when we provide the Services directly to you for your personal use (e.g., Link). Additional details regarding our collection, usage, and sharing of End User Personal Data, including the legal bases we rely on for processing such data, can be found in our Privacy Center. a. Personal Data we collect about End Users Using Link or Connecting your bank account. Stripe offers a service called "Link," which allows you to store your payment methods with Stripe to conveniently use them across our Business Users. When you sign up for Link, you agree to store your Personal Data (such as name, contact information, payment method details) with Stripe. This will allow for a more streamlined purchasing experience when using Link in the future. If you choose to pay with Link, we will also collect Transaction Data associated with your transactions. Learn More. Should you decide to share your bank account information (including to make payments using your bank account via Link) with us, Stripe will periodically collect and process your account information (such as bank account owner information, account balances, account number and details, account transactions, and, in some cases, log-in credentials). You can ask us to cease the collection of such data at any time. Learn More. You may also choose to store your identity documents (such as your driver’s license) using Link and share the saved document with other Business Users in the future. Paying Stripe. When you purchase goods or services directly from Stripe, we receive your Transaction Data. For instance, when you make a payment to Stripe Climate, we collect information about the transaction, as well as your contact and payment method details. Identity/Verification Services. We offer an identity verification service that automates the comparison of your identity document (such as a driver’s license) with your image (such as a selfie). You can separately consent to us using your biometric data to enhance our verification technology, with the option to revoke your consent at any time. Learn More. More. For further information about other types of Personal Data that we may collect about End Users, including about your online activity and your engagement with our End User Services, please see the More ways we collect, use, and share Personal Data section below. b. How we use and share Personal Data of End Users Services. We use and share your Personal Data to provide the End User Services to you, which includes support, personalization (such as language preferences and setting choices), and communication about our End User Services (such as communicating Policy updates and information about our Services). For example, Stripe may use cookies and similar technologies or the data you provide to our Business Users (such as when you input your email address on a Business User’s website) to recognize you and help you use Link when visiting our Business User’s website. Learn more about how we use cookies and similar technologies in Stripe’s Cookie Policy. Our Business Users. When you use Link to make payments, we share your Transaction Data with the Business Users you choose to do business with. Learn More. Furthermore, when you opt to connect your bank account with Stripe, you can also direct Stripe to share your account information with Business Users you do business with. Please note that these Business Users have their own privacy policies, which should describe how they use the information shared with them. Transactions. When you use Link to make payments, we use your Personal Data (such as name, contact information, payment method details) saved with us to complete transactions with Stripe Business Users. We provide such data to Business Users and others you do business with and process it as a Data Processor for those Business Users, as detailed in Section 1.2 of this Policy. Fraud Detection and Loss Prevention. We use your Personal Data collected across our Services (such as Stripe Radar) to detect fraud and prevent financial losses for you, us, and our Business Users and Financial Partners, including detecting unauthorized purchases. We may provide Business Users and Financial Partners that utilize our fraud prevention-related Business Services with Personal Data about you (including your attempted transactions) so that they can assess the fraud or loss risk associated with the transaction. Learn more about how we may use technology to assess the fraud risk associated with an attempted transaction and what information we share with Business Users and Financial Partners here and here. Advertising. We may use your Personal Data to assess your eligibility for, and offer you, other End User Services or promote existing End User Services. Where allowed by law (including with your opt-in consent where required), we use and share End User Personal Data with others so that we may market our End User Services to you, including through interest-based advertising. We do not transfer your Personal Data to third parties in exchange for payment, but we may provide your data to third party partners, such as advertising partners, analytics providers, and social networks, who assist us in advertising our Services to you. Learn more. More. For further information about additional ways by which we may use and share End Users' Personal Data, please see the More ways we collect, use, and share Personal Data section below. 1.2 End Customers Stripe provides various Business Services to our Business Users, which include in-person or online checkout payment processing or processing payouts for those Business Users. When acting as a service provider—also referred to as a data processor—for a Business User, we process End Customer Personal Data in accordance with our agreement with the Business User and the Business User's lawful instructions. This happens, for example, when we process a payment for a Business User because you purchased a product from them, or when the Business User asks us to send you funds. Business Users are responsible for ensuring that the privacy rights of their End Customers are respected, including obtaining appropriate consents and making disclosures about their own data collection and use associated with their products and services. If you're an End Customer, please refer to the privacy policy of the Business User you're doing business with for its privacy practices, choices, and controls. We provide more comprehensive information about our collection, use, and sharing of End Customer Personal Data in our Privacy Center, including the legal bases we rely on for processing your Personal Data. a. Personal Data we collect about End Customers Transaction Data. If you're an End Customer making payments to, receiving refunds from, initiating a purchase or donation, or otherwise transacting with our Business User, whether in-person or online, we receive your Transaction Data. We may also receive your transaction history with the Business User. Learn More. Additionally, we may collect information entered into a checkout form even if you opt not to complete the form or transact with the Business User. Learn More. A Business User who utilizes Stripe’s Terminal Service to provide its goods or services to End Customers may use the Terminal Service to collect End Customer Personal Data (like your name, email, phone number, address, signature, or age) in accordance with its own privacy policy. Identity/Verification Information. Stripe provides a verification and fraud prevention Service that our Business Users can use to verify Personal Data about you, such as your authorization to use a particular payment method. During the process, you’d be asked to share with us certain Personal Data (like your government ID and selfie for biometric verification, Personal Data you input, or Personal Data that is apparent from the physical payment method like a credit card image). To protect against fraud and determine if somebody is trying to impersonate you, we may cross-verify this data with information about you that we've collected from Business Users, Financial Partners, business affiliates, identity verification services, publicly available sources, and other third party service providers and sources. Learn More. More. For further information about other types of Personal Data that we may collect about End Customers, including about your online activity, please see the More ways we collect, use, and share Personal Data section below. b. How we use and share Personal Data of End Customers To provide our Business Services to our Business Users, we use and share End Customers' Personal Data with them. Where allowed, we also use End Customers' Personal Data for Stripe’s own purposes such as enhancing security, improving and offering our Business Services, and preventing fraud, loss, and other damages, as described further below. Payment processing and accounting. We use your Transaction Data to deliver Payment-related Business Services to Business Users, including online payment transactions processing, sales tax calculation, invoice and bill handling, and helping them determine their revenue, settle their bills, and execute accounting tasks. Learn More. We may also use your Personal Data to provide and improve our Business Services. During payment transactions, your Personal Data is shared with various entities in connection to your transaction. As a service provider or data processor, we share Personal Data to enable transactions as directed by Business Users. For instance, when you choose a payment method for your transaction, be it a credit card, debit card, Buy Now Pay Later, or direct debit, your payment method provider may receive your Transaction Data from transactions facilitated by Stripe. The Business User you choose to do business with also receives Transaction Data and might share the data with others. Please review their privacy policies for more information about how they use and share your Personal Data. Financial services. Certain Business Users leverage our Services to offer financial services to you via Stripe or our Financial Partners. For example, a Business User may issue a card product with which you can purchase goods and services. Such cards could carry the brand of Stripe, the bank partner, and/or the Business User. In addition to any Transaction Data we may generate or receive when these cards are used for purchases, we also collect and utilize your Personal Data to provide and manage these products, including assisting our Business Users in preventing misuse of the cards. Please review the privacy policies of the Business User and, if applicable, our bank partners associated with the financial service (the brands of which may be shown on the card) for more information. Identity/Verification services. We utilize Personal Data about your identity, including information provided by you and our service providers, to perform verification services for Stripe or for the Business Users that you are transacting with, to prevent fraud and enhance security. If you provide a selfie along with an image of your identity document, we may employ biometric technology to compare and calculate whether they match and verify your identity. Learn More. Fraud detection and loss prevention. We use your Personal Data collected across our Services to detect and prevent losses for you, us, our Business Users, and Financial Partners. We may provide Business Users and Financial Partners using our fraud prevention-related Business Services with your Personal Data (including your attempted transactions) to help them assess the fraud or loss risk associated with the transaction. Learn more about how we may use technology to assess the fraud risk associated with an attempted transaction and what information we share with Business Users and Financial Partners here and here. Our Business Users (and their authorized third parties). We share End Customers' Personal Data with their respective Business Users and parties directly authorized by those Business Users to receive such data. Here are common examples of such sharing: When a Business User instructs Stripe to provide another Business User with access to its Stripe account, including data related to its End Customers, via Stripe Connect. Sharing information that you have provided to us with a Business User so that we can send payments to you on behalf of that Business User. Sharing information, documents, or images provided by an End Customer with a Business User when the latter uses Stripe Identity, our identity verification Service, to verify the identity of the End Customer. The Business Users you choose to do business with may further share your Personal Data with third parties (like additional third party service providers other than Stripe). Please review the Business User’s privacy policy for more information. Advertising by Business Users. If you initiate a purchasing process with a Business User, the Business User receives your Personal Data from us in connection with our provision of Services even if you don't finish your purchase. The Business User may use your Personal Data to market and advertise their products or services, subject to the terms of their privacy policy. Please review the Business User’s privacy policy for more information, including your rights to stop their usage of your Personal Data for marketing purposes. More. For further information about additional ways by which we may use and share End Customers' Personal Data, please see the More ways we collect, use, and share Personal Data section below. 1.3 Representatives We collect, use, and share Personal Data from Representatives of Business Users (for example, business owners) to provide our Business Services. For more information about how we collect, use, and share Personal Data from Representatives, as well as the legal bases we rely on for processing such Personal Data, please visit our Privacy Center. a. Personal Data we collect about Representatives Registration and contact information. When you register for a Stripe account for a Business User (including incorporation of a Business), we collect your name and login credentials. If you register for or attend an event organized by Stripe or sign up to receive Stripe communications, we collect your registration and profile data. As a Representative, we may collect your Personal Data from third parties, including data providers, to advertise, market, and communicate with you as detailed further in the More ways we collect, use, and share Personal Data section below. We may also link a location with you to tailor the Services or information effectively to your needs. Learn More. Identification Information. As a current or potential Business User, an owner of a Business User, or a shareholder, officer, or director of a Business User, we need your contact details, such as name, postal address, telephone number, and email address, to fulfill our Financial Partner and regulatory requirements, verify your identity, and prevent fraudulent activities and harm to the Stripe platform. We collect your Personal Data, such as ownership interest in the Business User, date of birth, government-issued identity documents, and associated identifiers, as well as any history of fraud or misuse, directly from you and/or from third parties such as credit bureaus and via the Services we provide. Learn More. You may also choose to provide us with bank account information. More. For further information about other types of Personal Data that we may collect about Representatives, including your online activity, please see the More ways we collect, use, and share Personal Data section below. b. How we use and share Personal Data of Representatives We typically use the Personal Data of Representatives to provide the Business Services to the corresponding Business Users. The ways we use and share this data are further described below. Business Services. We use and share Representatives’ Personal Data with Business Users to provide the Services requested by you or the Business User you represent. In some instances, we may have to submit your Personal Data to a government entity to provide our Business Services, for purposes such as the incorporation of a business, or calculating and paying applicable sales tax. For our tax-related Business Services, we may use your Personal Data to file taxes on behalf of the Business User you represent. For our Atlas business incorporation Services, we may use your Personal Data to submit forms to the IRS on your behalf and file documents with other government authorities, such as articles of incorporation in your state of incorporation. We share Representatives’ Personal Data with parties specifically authorized by the corresponding Business User, such as Financial Partners servicing a financial product, or third party apps or services the Business User chooses to use alongside our Business Services. Here are common examples of such sharing: Payment method providers, like Visa or WeChat Pay, require information about Business Users and their Representatives who accept their payment methods. This information is typically required during the onboarding process or for processing transactions for these Business Users. Learn More. A Business User may authorize Stripe to share your Personal Data with other Business Users to facilitate the provision of Services through Stripe Connect. The use of Personal Data by a third party authorized by a Business User is subject to the third party’s privacy policy. If you are a Business User who has chosen a name that includes Personal Data (for example, a sole proprietorship or family name in a company name), we will use and share such information for the provision of our Services in the same way we do with any company name. This may include, for example, displaying it on receipts and other transaction-identifying descriptions. Fraud detection and loss prevention. We use Representatives’ Personal Data to identify and manage risks that our Business Services might be used for fraudulent activities causing losses to Stripe, End Users, End Customers, Business Users, Financial Partners, and others. We also use information about you obtained from third parties like credit bureaus and from our Services to address such risks, including to identify patterns of misuse and monitor for terms of service violations. Stripe may share Representatives' Personal Data with Business Users, our Financial Partners, and third party service providers to verify the information provided by you and identify risk indicators. Learn More. We also use and share Representatives' Personal Data to conduct due diligence, including conducting anti-money laundering and sanctions screening in accordance with applicable law. Advertising. Where allowed by applicable law, we use and share Representatives’ Personal Data with third parties so we can advertise and market our Services. Subject to applicable law, including any consent requirements, we may advertise through interest-based advertising and track the efficacy of such ads. See our Cookie Policy. We do not transfer your Personal Data to third parties in exchange for payment. However, we may provide your data to third party partners, like advertising partners, analytics providers, and social networks, who assist us in advertising our Services. Learn more. We may also use your Personal Data, including your Stripe account activity, to evaluate your eligibility for and offer you Business Services or promote existing Business Services. Learn more. More. For further information about additional ways by which we may use and share Representatives’ Personal Data, please see the More ways we collect, use, and share Personal Data section below. 1.4 Visitors We collect, use, and share the Personal Data of Visitors. More details about how we collect, use, and share Visitors’ Personal Data, along with the legal bases we rely on for processing such Personal Data, can be found in our Privacy Center. a. Personal Data we collect about Visitors When you browse our Sites, we receive your Personal Data, either provided directly by you or collected through our use of cookies and similar technologies. See our Cookie Policy for more information. If you opt to complete a form on the Site or third party websites where our advertisements are displayed (like LinkedIn or Facebook), we collect the information you included in the form. This may include your contact information and other information pertaining to your questions about our Services. We may also associate a location with your visit. Learn More. More. Further details about other types of Personal Data that we may collect from Visitors, including your online activity, can be found in the More ways we collect, use, and share Personal Data section below. b. How we use and share Personal Data of Visitors Personalization. We use the data we collect from cookies and similar technologies about you to measure user engagement with the content on the Sites, improve relevancy and navigation, customize your user experience (such as language preference and region-specific content), and curate content about Stripe and our Services that's tailored to you. For instance, as not all of our Services are available globally, we may customize our responses based on your region. Advertising. Where allowed by applicable law, we use and share Visitors’ Personal Data with third parties so we can advertise and market our Services. Subject to applicable law, including any consent requirements, we may advertise through interest-based advertising and track the efficacy of such ads. See our Cookie Policy. We do not transfer your Personal Data to third parties in exchange for payment. However, we may provide your data to third party partners, like advertising partners, analytics providers, and social networks, who assist us in advertising our Services. Learn more. Engagement. As you interact with our Sites, we use the information we collect about and through your devices to provide opportunities for further interactions, such as discussions about Services or interactions with chatbots, to address your questions. More. For further information about additional ways by which we may use and share Visitors’ Personal Data, please see the More ways we collect, use, and share Personal Data section below. 2. More ways we collect, use, and share Personal Data In addition to the ways described above, we also process your Personal Data as follows: a. Collection of Personal Data Online Activity. Depending on the Service used and how our Business Services are implemented by the Business Users, we may collect information related to: The devices and browsers you use across our Sites and third party websites, apps, and other online services (“Third Party Sites”). Usage data associated with those devices and browsers and your engagement with our Services, including data elements like IP address, plug-ins, language preference, time spent on Sites and Third Party Sites, pages visited, links clicked, payment methods used, and the pages that led you to our Sites and Third Party Sites. We also collect activity indicators, such as mouse activity indicators, to help us detect fraud. Learn More. See also our Cookie Policy. Communication and Engagement Information. We also collect information you choose to share with us through various channels, such as support tickets, emails, or social media. If you respond to emails or surveys from Stripe, we collect your email address, name, and any other data you opt to include in your email or responses. If you engage with us over the phone, we collect your phone number and any other information you might provide during the call. Additionally, we collect your engagement data, like your registration for, attendance at, or viewing of Stripe events and any other interactions with Stripe personnel. Forums and Discussion Groups. If our Sites allow posting of content, we collect Personal Data that you provide in connection with the post. b. Use of Personal Data. Besides the use of Personal Data described above, we use Personal Data in the ways listed below: Improving and Developing our Services. We use analytics on our Sites to help us understand your use of our Sites and Services and diagnose technical issues. Please review our Cookie Policy to learn more about how you can control our use of cookies and third party analytics. We also collect and process Personal Data throughout our various Services, whether you are an End User, End Customer, Representative, or Visitor, to improve our Services, develop new Services, and support our efforts to make our Services more relevant and useful to you. Learn More. Communications. We use the contact information we have about you to deliver our Services, which may involve sending codes via SMS for your authentication. Learn More. If you are an End User, Representative, or Visitor, we may communicate with you using the contact information we have about you to provide information about our Services and our affiliates’ services, invite you to participate in our events, surveys, or user research, or otherwise communicate with you for marketing purposes, in compliance with applicable law, including any consent or opt-out requirements. For example, when you provide your contact information to us or when we collect your business contact details through participation at trade shows or other events, we may use this data to follow up with you regarding an event, provide information requested about our Services, and include you in our marketing information campaigns. Where permitted under applicable law, we may record our calls with you to provide our Services, comply with our legal obligations, perform research and quality assurance, as well as for training purposes. Social Media and Promotions. If you opt to submit Personal Data to engage in an offer, program, or promotion, we use the Personal Data you provide to manage the offer, program, or promotion. We also use the Personal Data you provide, along with the Personal Data you make available on social media platforms, for marketing purposes, unless we are not permitted to do so. Fraud Prevention and Security. We collect and use Personal Data to help us identify and manage activities that could be fraudulent or harmful across our Services, enable our fraud detection Business Services, and secure our Services and transactions against unauthorized access, use, alteration or misappropriation of Personal Data, information, and funds. As part of the fraud prevention, detection, security monitoring, and compliance efforts for Stripe and its Business Users, we collect information from third parties (such as credit bureaus) and via the Services we offer. In some instances, we may also collect information about you directly from you, or from our Business Users, Financial Partners, and other third parties for the same purposes. Furthermore, to protect our Services, we may receive details such as IP addresses and other identifying data about potential security threats from third parties. Learn More. Such information helps us verify identities, conduct credit checks where lawfully permitted, and prevent fraud. Additionally, we might use technology to evaluate the potential risk of fraud associated with individuals seeking to procure our Business Services or arising from attempted transactions by an End Customer or End User with our Business Users or Financial Partners. Compliance with Legal Obligations. We use Personal Data to meet our contractual and legal obligations related to anti-money laundering, Know-Your-Customer ("KYC") laws, anti-terrorism activities, safeguarding vulnerable customers, export control, and prohibition of doing business with restricted persons or in certain business fields, among other legal obligations. For example, we may monitor transaction patterns and other online signals and use those insights to identify fraud, money laundering, and other harmful activity that could affect Stripe, our Financial Partners, End Users, our Business Users and others. Learn More. Ensuring safety, security, and compliance for our Services is a key priority for us, and collecting and utilizing Personal Data is crucial to this effort. Minors. Our Services are not directed to children under the age of 13, and we request that they do not provide Personal Data to seek Services directly from Stripe. In certain countries, we may impose higher age limits as required by applicable law. c. Sharing of Personal Data. Besides the sharing of Personal Data described above, we share Personal Data in the ways listed below: Stripe Affiliates. We share Personal Data with other Stripe-affiliated entities for purposes identified in this Policy. Service Providers or Processors. In order to provide, communicate, market, and advertise our Services, we depend on service providers. These providers offer critical services spanning from providing cloud infrastructure, conducting analytics for the assessment of speed, accuracy, and/or security of our Services, verifying identities, to providing customer service and audit functions. We authorize these service providers to use or disclose the Personal Data we make available to them to perform services on our behalf and comply with relevant legal obligations. We mandate these service providers to contractually commit to ensuring the security and confidentiality of the Personal Data they process on our behalf. The majority of our service providers are based in the European Union, the United States of America, and India. Learn More. Financial Partners. We share Personal Data with certain Financial Partners to provide Services to Business Users seeking such Services as well as offer certain Services in conjunction with these Financial Partners. For instance, we share certain Personal Data about Representatives, such as loan repayment data and contact information, with institutional investors who purchase or provide credit that's secured through the Capital loans we've extended to the Business Users they are associated with. Others with Consent. In some situations, we may not offer a service, but instead refer you to others (like professional service firms that we partner with to deliver the Atlas Service). In these instances, we will disclose the identity of the third party and the information to be shared with them, and seek your consent to share the information. Corporate Transactions. If we enter or intend to enter a transaction that modifies the structure of our business, such as a reorganization, merger, sale, joint venture, assignment, transfer, change of control, or other disposition of all or part of our business, assets, or stock, we may share Personal Data with third parties in connection with such transaction. Any other entity that buys us or part of our business will have the right to continue to use your Personal Data, but subject to the terms of this Policy. Compliance and Harm Prevention. We share Personal Data when we believe it is necessary to comply with applicable law; to abide by rules imposed by Financial Partners in connection with the use of their payment method; enforce our contractual rights; secure and protect the Services, rights, privacy, safety, and property of Stripe, you, and others, including against malicious or fraudulent activity; and to respond to valid legal requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence. 3. Legal bases for processing Personal Data For purposes of the General Data Protection Regulation and other applicable data protection laws, we rely on a number of legal bases to process your Personal Data. Learn More. For some jurisdictions, there may be additional legal bases, which are outlined in the Jurisdiction-Specific Provisions section below. a. Contractual and Pre-Contractual Business Relationships. We process Personal Data to enter into business relationships with prospective Business Users and End Users and fulfill our respective contractual obligations with them. These processing activities include: Creation and management of Stripe accounts and Stripe account credentials, including the assessment of applications to initiate or expand the use of our Services; Creation and management of Stripe Checkout accounts; Accounting, auditing, and billing activities; and Processing of payments and related activities, which include fraud detection, loss prevention, transaction optimization, communications about such payments, and related customer service activities. b. Legal Compliance. We process Personal Data to verify the identities of individuals and entities to comply with obligations related to fraud monitoring, prevention, and detection, laws associated with identifying and reporting illicit and illegal activities, such as those under the Anti-Money Laundering ("AML") and Know-Your-Customer (“KYC") regulations, and financial reporting obligations. For example, we may be required to record and verify a Business User’s identity to comply with regulations designed to prevent money laundering, fraud, and financial crimes. These legal obligations may require us to report our compliance to third parties and subject ourselves to third party verification audits. c. Legitimate Interests. Where allowed under applicable law, we rely on our legitimate business interests to process your Personal Data. The following list provides an example of the business purposes for which we have a legitimate interest in processing your data: Detection, monitoring, and prevention of fraud and unauthorized payment transactions; Mitigation of financial loss, claims, liabilities or other harm to End Customers, End Users, Business Users, Financial Partners, and Stripe; Determination of eligibility for and offering new Stripe Services (Learn More); Response to inquiries, delivery of Service notices, and provision of customer support; Promotion, analysis, modification, and improvement of our Services, systems, and tools, as well as the development of new products and services, including enhancing the reliability of the Services; Management, operation, and improvement of the performance of our Sites and Services, through understanding their effectiveness and optimizing our digital assets; Analysis and advertisement of our Services, and related improvements; Aggregate analysis and development of business intelligence that enable us to operate, protect, make informed decisions about, and report on the performance of our business; Sharing of Personal Data with third party service providers that offer services on our behalf and business partners that help us in operating and improving our business (Learn More); Enabling network and information security throughout Stripe and our Services; and Sharing of Personal Data among our affiliates. d. Consent. We may rely on consent or explicit consent to collect and process Personal Data regarding our interactions with you and the provision of our Services such as Link, Financial Connections, Atlas, and Identity. When we process your Personal Data based on your consent, you have the right to withdraw your consent at any time, and such a withdrawal will not impact the legality of processing performed based on the consent prior to its withdrawal. e. Substantial Public Interest. We may process special categories of Personal Data, as defined by the GDPR, when such processing is necessary for reasons of substantial public interest and consistent with applicable law, such as when we conduct politically-exposed person checks. We may also process Personal Data related to criminal convictions and offenses when such processing is authorized by applicable law, such as when we conduct sanctions screening to comply with AML and KYC obligations. 4. Your rights and choices Depending on your location and subject to applicable law, you may have choices regarding our collection, use, and disclosure of your Personal Data: a. Opting out of receiving electronic communications from us If you wish to stop receiving marketing-related emails from us, you can opt-out by clicking the unsubscribe link included in such emails or as described here. We'll try to process your request(s) as quickly as reasonably practicable. However, it's important to note that even if you opt out of receiving marketing-related emails from us, we retain the right to communicate with you about the Services you receive (like support and important legal notices) and our Business Users might still send you messages or instruct us to send you messages on their behalf. b. Your data protection rights Depending on your location and subject to applicable law, you may have the following rights regarding the Personal Data we control about you: The right to request confirmation of whether Stripe is processing Personal Data associated with you, and if so, request access to that Personal Data (Learn More); The right to request that Stripe rectify or update your Personal Data if it's inaccurate, incomplete, or outdated; The right to request that Stripe erase your Personal Data in certain circumstances as provided by law (Learn More); The right to request that Stripe restrict the use of your Personal Data in certain circumstances, such as while Stripe is considering another request you've submitted (for instance, a request that Stripe update your Personal Data); The right to request that we export the Personal Data we hold about you to another company, provided it's technically feasible; The right to withdraw your consent if your Personal Data is being processed based on your previous consent; The right to object to the processing of your Personal Data if we are processing your data based on our legitimate interests; unless there are compelling legitimate grounds or the processing is necessary for legal reasons, we will cease processing your Personal Data upon receiving your objection (Learn More); The right not to be discriminated against for exercising these rights; and The right to appeal any decision by Stripe relating to these rights by contacting Stripe’s Data Protection Officer (“DPO”) at dpo@stripe.com. You may have additional rights, depending on applicable law, over your Personal Data. For example, see the Jurisdiction-specific provisions section under United States below. c. Process for exercising your data protection rights To exercise your data protection rights, visit our Privacy Center or contact us as outlined below. 5. Security and Retention We make reasonable efforts to provide a level of security appropriate to the risk associated with the processing of your Personal Data. We maintain organizational, technical, and administrative measures designed to protect the Personal Data covered by this Policy from unauthorized access, destruction, loss, alteration, or misuse. Learn More. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. We encourage you to assist us in protecting your Personal Data. If you hold a Stripe account, you can do so by using a strong password, safeguarding your password against unauthorized use, and avoiding using identical login credentials you use for other services or accounts for your Stripe account. If you suspect that your interaction with us is no longer secure (for instance, you believe that your Stripe account's security has been compromised), please contact us immediately. We retain your Personal Data for as long as we continue to provide the Services to you or our Business Users, or for a period in which we reasonably foresee continuing to provide the Services. Even after we stop providing Services directly to you or to a Business User that you're doing business with, and even after you close your Stripe account or complete a transaction with a Business User, we may continue to retain your Personal Data to: Comply with our legal and regulatory obligations; Enable fraud monitoring, detection, and prevention activities; and Comply with our tax, accounting, and financial reporting obligations, including when such retention is required by our contractual agreements with our Financial Partners (and where data retention is mandated by the payment methods you've used). In cases where we keep your Personal Data, we do so in accordance with any limitation periods and record retention obligations imposed by applicable law. Learn More. 6. International Data Transfers As a global business, it's sometimes necessary for us to transfer your Personal Data to countries other than your own, including the United States. These countries might have data protection regulations that are different from those in your country. When transferring data across borders, we take measures to comply with applicable data protection laws related to such transfer. In certain situations, we may be required to disclose Personal Data in response to lawful requests from officials, such as law enforcement or security authorities. Learn More. If you are located in the European Economic Area (“EEA”), the United Kingdom ("UK"), or Switzerland, please refer to our Privacy Center for additional details. When a data transfer mechanism is mandated by applicable law, we employ one or more of the following: Transfers to certain countries or recipients that are recognized as having an adequate level of protection for Personal Data under applicable law. EU Standard Contractual Clauses approved by the European Commission and the UK International Data Transfer Addendum issued by the Information Commissioner’s Office. You can obtain a copy of the relevant Standard Contractual Clauses. Learn More. Other lawful methods available to us under applicable law. Stripe, Inc. complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce and as applicable. Learn More. 7. Updates and notifications We may change this Policy from time to time to reflect new services, changes in our privacy practices or relevant laws. The “Last updated” legend at the top of this Policy indicates when this Policy was last revised. Any changes are effective the latter of when we post the revised Policy on the Services or otherwise provide notice of the update as required by law. We may provide you with disclosures and alerts regarding the Policy or Personal Data collected by posting them on our website and, if you are an End User or Representative, by contacting you through your Stripe Dashboard, email address and/or the physical address listed in your Stripe account. 8. Jurisdiction-specific provisions Australia. If you are an Australian resident and dissatisfied with our handling of any complaint you raise under this Policy, you may consider contacting the Office of the Australian Information Commissioner. Brazil. You may exercise your rights by contacting our DPO at dpo@stripe.com. Brazilian residents, for whom the Lei Geral de Proteção de Dados Pessoais (“LGPD”) applies, have rights set forth in Article 18 of the LGPD. Canada. As used in this Policy, “applicable law” includes the Federal Personal Information Protection and Electronic Documents Act (PIPEDA), the Personal Information Protection Act, SBC 2003 c 63, in British Columbia, the Personal Information Protection Act, SA 2003 c P-6.5, in Alberta, and the Act Respecting the Protection of Personal Information in the Private Sector, CQLR c P-39-1 (Quebec Private Sector Act), in Quebec. Learn more. “Personal Data” includes “personal information” as defined under those laws. Stripe’s Chief Privacy Officer is the person in charge of personal information, including under the Quebec Private Sector Act. You may contact them via email at privacy@stripe.com. When Stripe collects Personal Data belonging to Canadian (including Quebec) residents, it transfers that data to data centers in the United States. When Stripe relies on service providers to process Personal Data as described herein, those service providers may also be located outside of Canada or Quebec. You have the right to request access or rectification of the Personal Data Stripe holds related to you or to withdraw any consent given to the processing of such personal data. You may exercise those rights by contacting Stripe’s Chief Privacy Officer at privacy@stripe.com. If you are an End Customer, you should contact the Business User with which you transacted to exercise your rights. EEA and UK. You may exercise your rights by contacting our DPO at dpo@stripe.com. If you are a resident of the EEA or if Stripe Payments Europe Limited is identified as your data controller, and you believe our processing of your information contradicts the General Data Protection Regulation (GDPR), you may direct your questions or complaints to the Irish Data Protection Commission. If you are a resident of the UK, direct your questions or concerns to the UK Information Commissioner’s Office. Where Personal Data is used for regulated financial activities in Europe, Stripe Payments Europe Limited and Stripe's local regulated entities are considered joint controllers. Learn More. You also have additional rights under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Learn More. India. In this Policy, “applicable law” includes the Digital Personal Data Protection Act (DPDPA) once the DPDPA is enacted. Further, the term “data controller” includes “data fiduciaries,” and the term “data subject” includes “data principal,” both as defined in the DPDPA. In some cases, and as permitted under the DPDPA, we may rely on “legitimate use” as a legal basis. For example, we do so when you voluntarily provide your Personal Data to us. “Consent Managers” as defined under the DPDPA may submit a request to revoke or provide consent using the methods described in the Contact Us section below, or as set out in the following paragraph, or via other means made available by Stripe in the future. We may ask for proof of authorization and identity before processing such a request. In certain cases, you may be asked to consent to the collection and processing of your Aadhaar number by Stripe India Private Limited and/or its third party verification partner(s). The purpose of this collection is to facilitate the identification verification process as required under applicable laws. Your provision of Aadhaar details is purely voluntary, and you may provide other identification documents as may be accepted by us from time to time. You will not be denied service merely for not submitting Aadhaar details. If you have any questions or complaints regarding the processing of your Personal Data in India, or if you want to receive this Policy or communicate with us about privacy in one of India’s official languages, please contact our Nodal and Grievance Officer. Learn More. Alternatively, you may contact our DPO at dpo@stripe.com. If we are unable to address your complaint or grievance, you have the right to escalate the matter to the Data Protection Board of India. Indonesia. In this Policy, “applicable law” includes Law No. 11 of 2008 as amended by Law No. 19 of 2016 on Electronic Information and Transactions, Government Regulation No. 71 of 2019 on the Implementation of Electronic Systems and Transactions, and Minister of Communication and Informatics Regulation No. 20 of 2016 on Personal Data Protection in Electronic Systems, and from September 2024, Law No. 27 of 2022 concerning Personal Data Protection (PDP Law). If you have any questions or complaints about this Policy, please contact our DPO at dpo@stripe.com. Japan. In this Policy, “applicable law” includes the Act on the Protection of Personal Information (APPI). When we transfer Personal Data of data subjects in Japan to jurisdictions not recognized as ‘adequate’ by the Personal Information Protection Commission, we enter into written agreements with any third parties located outside of Japan. These written agreements provide rights and obligations equivalent to those provided under the Japanese Act on the Protection of Personal Information. For more information on how we ensure that third parties protect your data and where your data is located, please see above or contact us as described below. For a description of foreign systems and frameworks that may affect the implementation of equivalent measures by the third party, see here. In some cases, and as permitted under the APPI, we may rely on “public interest” as a legal basis, such as fraud detection and loss prevention. Malaysia. If you have any questions or complaints about this Policy, please contact our DPO at dpo@stripe.com. Singapore. In this Policy, “applicable law” includes the Personal Data Protection Act 2012 (PDPA) (No. 26 of 2012) as amended from time to time. In some cases, and as permitted under the PDPA, we may rely on “deemed consent” as a legal basis. For example, we do so when you voluntarily provide your personal data to us. If you have any questions or complaints about this Policy, please contact our DPO at dpo@stripe.com. Switzerland. In this Policy, “applicable law” includes the Swiss Federal Act on Data Protection (FADP), as revised. To exercise your rights under the FADP, please contact our DPO at dpo@stripe.com. You may also have additional rights under the Swiss-U.S. Data Privacy Framework when it comes into force. Learn More. Thailand. In this Policy, “applicable law” includes the Personal Data Protection Act 2019 (PDPA). If we rely on certain legal bases (such as “legal obligation” or “contractual necessity” and you do not provide us with your Personal Data, we may not be able to lawfully provide you services. If you have any questions or complaints about this Policy, please contact our DPO at dpo@stripe.com. United States. If you are a consumer located in the United States (“US”), we process your personal information in accordance with US privacy laws, including the California Consumer Privacy Act ( "CCPA"), Colorado Privacy Act, Connecticut Act Concerning Personal Data Privacy and Online Monitoring, Florida Digital Bill of Rights, Montana Consumer Data Privacy Act, Oregon Consumer Privacy Act, Texas Data Privacy and Security Act, Utah Consumer Privacy Act, and Virginia Consumer Data Protection Act. For specific details, please see here. Stripe uses cookies, including advertising cookies, as described in our Cookie Policy. Your Rights and Choices. As a US consumer and subject to certain limitations under US privacy laws, you may have choices regarding our use and disclosure of your Personal Data (learn more about data subject rights metrics). In addition to the above rights, other rights include: Exercising the right to know: You have a right to request additional information about the categories of personal information collected, sold, disclosed, or shared; purposes for which this personal information was collected, sold, or shared; categories of sources of personal information; and categories of third parties with whom we disclosed or shared this personal information. Exercising the right to opt-out from a sale or sharing: We do not transfer your personal data to third parties in exchange for payment. However, as noted above, we may provide the data to third party partners, such as advertising partners, analytics providers, and social networks, who assist us in advertising our products and Services to you. Because these third parties may use the data Stripe provides for their own purposes, Stripe's provision of data to these parties may be considered a data “sale” or “sharing” as those terms are defined under the CCPA and other applicable US privacy laws. You can opt out of targeted advertising and any related data “sales” or “sharing” here. Exercising the right to limit the use or sharing of Sensitive Personal Information: We do not sell or share Sensitive Personal Information as defined by US privacy laws and have not done so in the past 12 months. Learn more about our collection and use of Sensitive Personal Information over the last 12 months here. To submit a request to exercise any of the rights described above, please contact us using the methods described in the Contact Us section below. Please note that rights under some U.S. state laws do not apply to Personal Data we collect, process, and disclose when you act as a consumer to obtain financial products or services from Stripe for individual or household purposes. The federal Gramm-Leach Bliley Act may govern how Stripe shares and protects that data instead. See our US Consumer Privacy Notice below for more information. We will verify your request by asking you to send it from the email address associated with your account or requiring you to provide information necessary to verify your identity, including name, address, transaction history, photo identification, and other information associated with your account. You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under the CCPA. Your agent may submit a request on your behalf by contacting us using the methods described in the Contact Us section below. We may still require you to directly verify your identity and confirm that you gave the authorized agent permission to submit the request. Global Privacy Control signals. Stripe honors the Global Privacy Control (GPC) opt-out preference signals. Learn More. 9. Contact us If you have any questions or complaints about this Policy, please contact us. If you are an End Customer (i.e., an individual doing business or transacting with a Business User), please refer to the privacy policy or notice of the Business User for information regarding the Business User’s privacy practices, choices and controls, or contact the Business User directly. 10. US Consumer Privacy Notice The following Consumer Privacy Notice applies to you if you are an individual who resides in the United States and obtains financial services from Stripe primarily for your own personal family or household purposes. Last updated: January 16, 2024 FACTS WHAT DOES STRIPE DO WITH YOUR PERSONAL INFORMATION? Why? Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do. What? The types of personal information we collect and share depend on the product or service you have with us. This information can include: • Social Security Number • Contact details • Account balances and transaction history • Payment, transaction, and purchase information and history When you are no longer our customer, we continue to share your information as described in this notice. How? All financial companies need to share customers' personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers' personal information; the reasons Stripe chooses to share; and whether you can limit this sharing. Reasons we can share your personal information Does Stripe Share? Can you limit this sharing For our everyday business purposes – such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus Yes No For our marketing purposes - to offer our products and Services to you Yes No For joint marketing with other financial companies Yes No For our affiliates' everyday business purposes - information about your transactions and experiences Yes No For our affiliates' everyday business purposes - information about your creditworthiness No We don’t share For our affiliates to market to you No We don’t share For nonaffiliates to market to you if you are a Link user Yes Yes For nonaffiliates to market to you if you are a Financial Connections user No We don’t share To limit our sharing Login to your Link account at app.link.com/settings and toggle off data sharing from the Messaging menu. Please note: If you are a new customer, we can begin sharing your information 30 days from the date we sent this notice. When you are no longer our customer, we continue to share your information as described in this notice. However, you can contact us at any time to limit our sharing. Questions? Contact us at privacy@stripe.com or visit us at https://support.link.com Who we are Who is providing this notice? Stripe, Inc., Stripe Payments Company, and their affiliates that provide consumers services in the U.S. What we do How does Stripe protect my personal information? To protect your personal information from unauthorized access, destruction, loss, alteration, or misuse we use security measures to comply with federal law. These measures include computer safeguards and secured files and buildings. We impose access controls along with ongoing monitoring to prevent data misuse, and we require our service providers to take similar steps to protect your information. How does Stripe collect my personal information? We collect your personal information, for example, when you • open a Link account; • ask Stripe to process a payment for goods or services; • provide bank account information to Stripe using Financial Connections We also collect your personal information from others, such as affiliates or other companies. Why can’t I limit all sharing? Federal law gives you the right to limit only • sharing for affiliates’ everyday business purposes — information about your creditworthiness • affiliates from using your information to market to you • sharing for nonaffiliates to market to you. State laws and individual companies may give you additional rights to limit sharing. See the Other Important Information section below for more information on your rights under state law. What happens when I limit sharing for an account I hold jointly with someone else? Your choices will apply to everyone on your account. Definitions Affiliates Companies related by common ownership or control. They can be financial and nonfinancial companies. • Our affiliates include companies operating under the Stripe name, such as Stripe Payments Europe, Limited and Stripe Payments UK Ltd. Nonaffiliates Companies not related by common ownership or control. They can be financial and nonfinancial companies. • Nonaffiliates with which we share personal information include service providers that perform services or functions on our behalf, Business Users with which you choose to transact, partners with which we share data to provide you with services, and advertising partners, analytics providers, and social networks, who assist us in advertising our Services to you. Joint Marketing A formal agreement between non-affiliated financial companies that together market financial products or services to you. • Our joint marketing partners include financial companies we partner with to provide you with financial services. Other important information Vermont: If your account with us is associated with a Vermont billing address, we will not disclose information about your creditworthiness to our affiliates and will not disclose your personal information, credit report, or health information to nonaffiliated third parties to market to you, other than as permitted by Vermont law, unless you authorize us to make those disclosures. For joint marketing, we will only disclose your name, contact information, and information about your transactions. Additional information concerning our privacy policies can be found in our Privacy Policy and Privacy Center. California: If your account with us is associated with a California billing address, we will not disclose Personal Data we collect about you except to the extent permitted under California law. For instance, we may disclose your Personal Data as necessary to process transactions or provide products and services you request, at your instruction, as required for institution risk control, and to safeguard against fraud, identity theft, and unauthorized transactions.
All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.
Information collected when you use our Facebook application(s). We by default access your Facebook basic account information, including your name, email, gender, birthday, current city, and profile picture URL, as well as other information that you choose to make public. We may also request access to other permissions related to your account, such as friends, check-ins, and likes, and you may choose to grant or deny us access to each individual permission. For more information regarding Facebook permissions, refer to the Facebook Permissions Reference page.
2. HOW DO WE PROCESS YOUR INFORMATION?
In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.
We process your personal information for a variety of reasons, depending on how you interact with our Services, including:
- To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.
- To deliver and facilitate delivery of services to the user. We may process your information to provide you with the requested service.
- To respond to user inquiries/offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.
- To send administrative information to you. We may process your information to send you details about our products and services, changes to our terms and policies, and other similar information.
- To
fulfill and manage your orders. We may process your information to fulfill and manage your orders, payments, returns, and exchanges made through the Services.
- To enable user-to-user communications. We may process your information if you choose to use any of our offerings that allow for communication with another user.
- To request feedback. We may process your information when necessary to request feedback and to contact you about your use of our Services.
- To send you marketing and promotional communications. We may process the personal information you send to us for our marketing purposes, if this is in accordance with your marketing preferences. You can opt out of our marketing emails at any time. For more information, see
" WHAT ARE YOUR PRIVACY RIGHTS? " below.
- To protect our Services. We may process your information as part of our efforts to keep our Services safe and secure, including fraud monitoring and prevention.
- To identify usage trends. We may process information about how you use our Services to better understand how they are being used so we can improve them.
- To save or protect an individual's vital interest. We may process your information when necessary to save or protect an individual’s vital interest, such as to prevent harm.
Marketing .Comments made on social media may be used for marketing. However, they will remain anonymous. Photos and/or names will never be used or shown..
__________ .__________
3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?
In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e.
If you are located in the EU or UK, this section applies to you.
The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:
- Consent. We may process your information if you have given us permission (i.e.
, consent) to use your personal information for a specific purpose. You can withdraw your consent at any time. Learn more about withdrawing your consent.
- Performance of a Contract. We may process your personal information when we believe it is necessary to
fulfill our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you.
- Legitimate Interests. We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may process your personal information for some of the purposes described in order to:
- Send users information about special offers and discounts on our products and services
Analyze how our Services are used so we can improve them to engage and retain users
- Diagnose problems and/or prevent fraudulent activities
- Understand how our users use our products and services so we can improve user experience
- Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
- Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.
If you are located in Canada, this section applies to you.
We may process your information if you have given us specific permission (i.e.
In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, including, for example:
- If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way
- For investigations and fraud detection and prevention
- For business transactions provided certain conditions are met
- If it is contained in a witness statement and the collection is necessary to assess, process, or settle an insurance claim
- For identifying injured, ill, or deceased persons and communicating with next of kin
- If we have reasonable grounds to believe an individual has been, is, or may be victim of financial abuse
- If it is reasonable to expect collection and use with consent would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province
- If disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records
- If it was produced by an individual in the course of their employment, business, or profession and the collection is consistent with the purposes for which the information was produced
- If the collection is solely for journalistic, artistic, or literary purposes
- If the information is publicly available and is specified by the regulations
In Short: We may share information in specific situations described in this section and/or with the following
Vendors, Consultants, and Other Third-Party Service Providers. We may share your data with third-party vendors, service providers, contractors, or agents (
The
Communication & Collaboration Tools
Data Analytics Services
Payment Processors
Sales & Marketing Tools
User Account Registration & Authentication Services
Website Hosting Service Providers
We
- Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
In Short: We may use cookies and other tracking technologies to collect and store your information.
We may use cookies and similar tracking technologies (like web beacons and pixels) to gather information when you interact with our Services. Some online tracking technologies help us maintain the security of our Services
We also permit third parties and service providers to use online tracking technologies on our Services for analytics and advertising, including to help manage and display advertisements, to tailor advertisements to your interests, or to send abandoned shopping cart reminders (depending on your communication preferences). The third parties and service providers use their technology to provide advertising about products and services tailored to your interests which may appear either on our Services or on other websites.
To the extent these online tracking technologies are deemed to be a
Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice__________
Google Analytics
We may share your information with Google Analytics to track and
6. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?
In Short: We may transfer, store, and process your information in countries other than your own.
Our servers are located inUnited States United States United States,
If you are a resident in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, then these countries may not necessarily have data protection laws or other similar laws as comprehensive as those in your country. However, we will take all necessary measures to protect your personal information in accordance with this privacy notice and applicable law.
European Commission's Standard Contractual Clauses:
We have implemented measures to protect your personal information, including by using the European Commission's Standard Contractual Clauses for transfers of personal information between our group companies and between us and our third-party providers. These clauses require all recipients to protect all personal information that they process originating from the EEA or UK in accordance with European data protection laws and regulations.
7. HOW LONG DO WE KEEP YOUR INFORMATION?
In Short: We keep your information for as long as necessary to
We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements).
When we have no ongoing legitimate business need to process your personal information, we will either delete or
8. HOW DO WE KEEP YOUR INFORMATION SAFE?
In Short: We aim to protect your personal information through a system of
We have implemented appropriate and reasonable technical and
9. DO WE COLLECT INFORMATION FROM MINORS?
In Short: We do not knowingly collect data from or market to
We do not knowingly collect, solicit data from, or market to children under 18 years of age, nor do we knowingly sell such personal information. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at __________
10. WHAT ARE YOUR PRIVACY RIGHTS?
In Short:
In some regions (like
We will consider and act upon any request in accordance with applicable data protection laws.
If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or UK data protection authority.
If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.
Withdrawing your consent: If we are relying on your consent to process your personal information,
However, please note that this will not affect the lawfulness of the processing before its withdrawal nor,
Opting out of marketing and promotional communications: You can unsubscribe from our marketing and promotional communications at any time by
Account Information
If you would at any time like to review or change the information in your account or terminate your account, you can:
Log in to your account settings and update your user account.
Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.
Cookies and similar technologies: Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Services. __________ .
If you have questions or comments about your privacy rights, you may email us at hello@thankfullyfitwithbayley.com .
11. CONTROLS FOR DO-NOT-TRACK FEATURES
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (
California law requires us to let you know how we respond to web browser DNT signals. Because there currently is not an industry or legal standard for
12. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
In Short: If you are a resident of Tennessee
Categories of Personal Information We Collect
We have collected the following categories of personal information in the past twelve (12) months:
| Category | Examples | Collected |
A. Identifiers | Contact details, such as real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address, and account name |
Gender, age, date of birth, race and ethnicity, national origin, marital status, and other demographic data | ||
Transaction information, purchase history, financial details, and payment information | ||
Fingerprints and voiceprints | ||
Browsing history, search history, online | ||
Device location | ||
Images and audio, video or call recordings created in connection with our business activities | ||
Business contact details in order to provide you our Services at a business level or job title, work history, and professional qualifications if you apply for a job with us | ||
Student records and directory information | ||
Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics | ||
We may also collect other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of:
- Receiving help through our customer support channels;
- Participation in customer surveys or contests; and
- Facilitation in the delivery of our Services and to respond to your inquiries.
Sources of Personal Information
Learn more about the sources of personal information we collect in
How We Use and Share Personal Information
Learn about how we use your personal information in the section,
We collect and share your personal information through:
Google Analytics
Will your information be shared with anyone else?
We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. Learn more about how we disclose personal information to in the section,
We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be
The categories of third parties to whom we disclosed personal information for a business or commercial purpose can be found under We have sold or shared the following categories of personal information to third parties in the preceding twelve (12) months:
The categories of third parties to whom we sold personal information are:The categories of third parties to whom we shared personal information with are:Your RightsYou have rights under certain US state data protection laws. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law. These rights include:How to Exercise Your RightsTo exercise these rights, you can contact us You can opt out from the selling of your personal information, targeted advertising, or profiling by disabling cookies in Cookie Preference Settings.Under certain US state data protection laws, you can designate an Request VerificationUpon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. We will only use personal information provided in your request to verify your identity or authority to make the request. However, if we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity and for security or fraud-prevention purposes.If you submit the request through an AppealsUnder certain US state data protection laws, if we decline to take action regarding your request, you may appeal our decision by emailing us at 13. DO WE MAKE UPDATES TO THIS NOTICE?In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.We may update this privacy notice from time to time. The updated version will be indicated by an updated 14. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?If you have questions or comments about this notice, you may 15. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?