Alpha This is a new service – your feedback will help us to improve it.

Menu Search

PayPal

The information on this page is from the privacy notice published by PayPal.

You can use this page to learn about how this organisation uses personal data and find out how to make a request related to the data they hold about you.

Make a request

Organisation information

Description

Payment initiation service provider

Registration country

Luxembourg

Registration number

B118349

Data Protection Officer

Organisations that use special categories of data, are public bodies, or do large scale processing must appoint a Data Protection Officer.

Role

Data Protection Officer

Postal address

PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg

Data categories collected

Organisations must give details about what categories of data are stored and processed.

  • Bank transactions

  • Credit history

  • Device information

  • Email address

  • Location

  • Names

  • Postal address

  • Telephone number

Unusual processing purposes

Organisations must provide information about what they do with data. This section highlights less common uses of data.

This privacy notice does not appear to mention any unusual processing purposes.

Third parties

Organisations must give details about other parties that personal data is shared with.

List of third parties

  • Payment processors

  • Auditing services

  • Customer service outsourcing

  • Credit reference and fraud agencies

  • Financial products services

  • Commercial partnerships

  • Marketing and public relations

  • Operational services

  • Other PayPal Group companies

  • Legal services

  • Agencies

How specific is this information?

Third parties are listed by name

Observations

PayPal provide a breakdown of specific named third-parties with which data may be shared. This list is very long and is available at: https://www.paypal.com/uk/webapps/mpp/ua/third-parties-list

Retention rules

Organisations must give details about how long data is kept.

This privacy notice does not appear to have this information.

Lawful bases

Organisations must justify collection and use of data under six lawful bases and provide information about their decisions

  • Consent

    - To market to you by delivering marketing materials about PayPal products and online Services and the products and services of unaffiliated businesses
    - To provide personalised Services offered by PayPal on third-party websites
    - To provide you with location-specific options, functionality or offers
    - To make it easier for you to find and connect with others
    - To respond to your requests

  • Contract

    - To operate the Sites and provide the Services

  • Legal obligation

    - To comply with our obligations and to enforce the terms of our Sites and Services
    - To manage risk and protect the Sites, the Services and you from fraud by verifying your identity

  • Legitimate interests

    - To manage our business needs
    - To enforce the terms of our Sites and Services;
    - To manage our everyday business needs, such as monitoring, analysing
    - To anonymise Personal data in order to provide aggregated statistical data to third parties, including other businesses and members of the public, about how, when, and why Users visit our Sites and use our Services.
    - To manage risk and protect the Sites, the Services and you from fraud by verifying your identity

Observations

PayPal do not break down their justifications for processing data into individual interests.

Security standards

Organisations must ensure that data is stored and processed securely.

Observations

PayPal's privacy policy contains a section about securing personal data but it does not mention any of the specific measures they take to do so.

How specific is this information?

This organisation provides general details about how they secure data

Data processing addendum

Some organisations offer a data processing addendum that gives data adequate protections when it leaves the EEA.

This privacy notice does not appear to have this information.

Automated decision making

Organisations must give details about how data is used to make decisions without human involvement.

Summary

This organisation uses automated decision making

Observations

They indicate that automated decision making is used with user consent for decisions concerning credit, or where it is "necessary for the entry into or performance of a contract", or where it is authorised by Union or Member State law.

How specific is this information?

The organisation mentions use of automated decision making for specific purposes

Complaint information

Organisations must give details about how to make a complaint with a data protection authority.

This privacy notice does not contain information about to make a complaint to a data protection regulator.

Design recommendations

Organisations are required to provide privacy information in a transparent way. The Article 29 Working Party has provided recommendations on how to do this.

Assessment

This privacy notice:

  • Has language that is easy to understand

  • Is designed in a way that makes it easy to find information

  • Can be easily found on the organisation's website

Last updated 2018-06-29 at 08:06:14 • Download as JSONAPI documentationView on GitHubView on OpenCorporates