Alpha This is a new service – your feedback will help us to improve it.

Menu Search

Square

The information on this page is from the privacy notice published by Square.

You can use this page to learn about how this organisation uses personal data and find out how to make a request related to the data they hold about you.

Make a request

Organisation information

Description

Payment initiation service provider

Registration country

Ireland

Registration number

583287

Data Protection Officer

Organisations that use special categories of data, are public bodies, or do large scale processing must appoint a Data Protection Officer.

Role

Data Protection Officer

Email address

privacy-eu@squareup.com

Postal address

FAO: Data Protection Officer, Squareup International Ltd, Fumbally Square, Fumbally Lane, Dublin 8, Ireland

Data categories collected

Organisations must give details about what categories of data are stored and processed.

  • Bank account details

  • Bank transactions

  • Credit history

  • Device information

  • Email address

  • Identity documents

  • Location

  • Names

  • Postal address

  • Social security number

  • Telephone number

Unusual processing purposes

Organisations must provide information about what they do with data. This section highlights less common uses of data.

This privacy notice does not appear to mention any unusual processing purposes.

Third parties

Organisations must give details about other parties that personal data is shared with.

List of third parties

  • With other users of our services with whom you interact

  • With our group companies including our parent company and other affiliates

  • Fraud prevention services

  • Identity verification services

  • Fee collection services

  • Financial institutions

  • Payment networks

  • Payment card associations

  • Credit bureaus

  • Partners providing services on Square's behalf

  • Other entities (including First Data) in connection with services

  • With third parties that run advertising campaigns, contests, special offers, or other events or activities

  • Other entities for the purposes of mergers and acquisitions

  • Government entities for the purposes of complying with applicable laws, regulations or legal processes

  • Other third parties with a customer's consent

  • Other third parties (in aggregated or anonymised form)

How specific is this information?

Third parties are listed as groups

Observations

Square mentions that some data is shared with other "third parties" for the purposes of advertising and running campaigns. It does not indicate that this data is aggregated or anonymised.

Retention rules

Organisations must give details about how long data is kept.

Summary

Square indicate that they generally retain information "only as long as reasonably necessary to provide you the Services or to comply with applicable law".

The policy notes that there are other situations in which data must be retained for longer to comply with legal or regulatory obligations.

How specific is this information?

  • Retention rules are given without mentioning specific categories of data

  • Unspecific times for how long data is kept

Lawful bases

Organisations must justify collection and use of data under six lawful bases and provide information about their decisions

This privacy notice does not appear to have this information.

Security standards

Organisations must ensure that data is stored and processed securely.

Security standards URL

https://squareup.com/gb/en/security

Observations

Square provide a comprehensive breakdown of the technical and operational security measures they put in place to safeguard customer data.

How specific is this information?

This organisation provides specific details about how they secure data

Data processing addendum

Some organisations offer a data processing addendum that gives data adequate protections when it leaves the EEA.

This privacy notice does not appear to have this information.

Automated decision making

Organisations must give details about how data is used to make decisions without human involvement.

Summary

This organisation uses automated decision making

Observations

Square offer a breakdown of the situations in which automated decision making is used - namely: identity verification, fraud and crime detection, product development and creation, and marketing.

How specific is this information?

The organisation mentions use of automated decision making for specific purposes

Complaint information

Organisations must give details about how to make a complaint with a data protection authority.

Summary

This privacy notice contains information about to make a complaint to a data protection regulator

Observations

The policy contains some information about making complaints to Square and how they will be handled, and contains a link to Europa.EU's page with contact details for the relevant data protection authorities in EU member states.

How specific is this information?

This privacy notice contains specific contact details for a data protection regulator

Design recommendations

Organisations are required to provide privacy information in a transparent way. The Article 29 Working Party has provided recommendations on how to do this.

Assessment

This privacy notice:

  • Has language that is easy to understand

  • Is designed in a way that makes it easy to find information

  • Can be easily found on the organisation's website

Last updated 2018-06-29 at 08:06:14 • Download as JSONAPI documentationView on GitHubView on OpenCorporates